BridgePort Achieves SOC 2 Type 1 Compliance

By Nirup Ramalingam, CEO

August 10, 2025 – Institutions using our middleware for off-exchange settlement between custodians and exchanges can rest assured this milestone advances our long-term security strategy.

At BridgePort, our mission is to remove operational barriers in institutional crypto by directly connecting custodians and exchanges for seamless, verifiable off-exchange settlement. Our platform allows participants to allocate assets with precision and efficiency, without prefunding or operating exclusively within  walled gardens. Security is embedded in every integration we deploy. Achieving SOC 2 Type 1 compliance through an independent audit validates that our controls are designed and implemented to meet rigorous trust services criteria. This milestone reinforces that availability, integrity, and data protection are built into our operational core

WHAT SOC 2 TYPE 1 MEANS

SOC 2 is a recognized framework from the American Institute of Certified Public Accountants (AICPA) that assesses how an organization safeguards data and ensures reliable operations. It covers five trust services criteria: 

1. Security

2. Availability

3. Processing integrity

4. Confidentiality

5. Privacy

   
   

A Type 1 attestation evaluates whether controls are suitably designed and implemented as of a specific date. It is a point-in-time verification of readiness, not an ongoing performance assessment. Our independent audit resulted in a formal attestation report, giving institutions a standardized, trusted reference for evaluating our control environment without lengthy custom reviews.

WHY THIS MATTERS FOR INSTITUTIONAL CRYPTO

Today, many institutional participants operate through prefunding or within closed custodial silos. While these reduce counterparty risk, they also constrain capital efficiency and flexibility. BridgePort offers an alternative; a secure orchestration layer for credit allocations, off-exchange settlement instructions, and reconciliations between exchanges and custodians. This replaces assumptions with verification, delivering accurate, timely, and validated settlement processes that all parties can confirm. SOC 2 alignment provides stakeholders with a recognized framework for verification, streamlining due diligence and accelerating integration. For trading firms that depend on these connections, the result is faster onboarding, lower operational friction, and stronger assurance that processes meet institutional standards.

CONTROLS AND SECURITY IN PRACTICE

Our SOC 2 Type 1 attestation reflects a layered, risk-based security program:

• Strong multi-factor authentication for interfaces and APIs, enforcing least-privilege principles across systems.

• Data minimization, storing only what is necessary for allocations and settlement messaging, never custodying client private keys.

• Encryption of sensitive data in transit and at rest, with segregated secrets management for API keys.

• Secure software development lifecycle with peer code reviews, dependency scanning, and infrastructure hardening.

• Continuous monitoring, proactive alerting, and incident response playbooks with defined SLAs.

• Regular independent testing, including penetration testing, with continuous control improvement. These measures work together to protect operational integrity and maintain availability while supporting the flexibility institutional settlement requires.

BridgePort is committed to achieving SOC 2 Type 2 compliance in the Q4 2025.

•  •  •  •

To review our SOC 2 Type 1 report and security overview, contact our team. If you are a custodian, exchange, or trading firm exploring BridgePort, we can align quickly on security and integration requirements so you can move from review to execution faster.