We're Now ISO/IEC 27001 and CSA STAR Level 1 Certified: Setting the Standard for Information and Cloud Security

We’re proud to announce that OKX has achieved two globally recognized benchmarks for information and cloud security:

• ISO/IEC 27001:2022 certification, the world’s leading standard for information security management systems

• CSA STAR Level 1 certification, the leading global assurance framework for cloud security

These achievements reinforce our position as a global leader in digital asset security, confirming that our robust security framework not only meets but exceeds the most rigorous international standards for protecting customer information.

What this means for our customers

Achieving ISO/IEC 27001:2022 and CSA STAR Level 1 certifications demonstrates that:

• Your data and assets are protected by internationally recognized best practices

• Security controls and governance have been independently assessed and verified by trusted certification bodies (including BSI Group, for ISO 27001)

• Cloud-specific risks are managed with transparency - our CSA STAR Level 1 certification includes a published self-assessment in the public CSA STAR Registry

• We adhere to global frameworks aligned with ISO 27001, NIST, and SOC 2 (via the CSA Cloud Controls Matrix)

• We’ve implemented effective, proactive systems for identifying, managing, and responding to evolving security threats

• Institutional clients benefit from simplified due diligence, thanks to the public visibility of our controls, certifications and operational practices

Our ISO/IEC 27001 certification journey

The path to ISO/IEC 27001 certification involved months of careful preparation and implementation of required security measures across our global operations.

After thoroughly implementing these comprehensive security controls, we engaged BSI Group, an internationally recognized, independent certification body, to conduct a comprehensive audit of our Information Security Management System. This assessment confirmed our alignment with the rigorous requirements of the ISO/IEC 27001:2022 standard.

Gracie Lin, CEO of OKX Singapore, received the ISO 27001 certification from BSI Group's ASEAN Managing Director, Mr. Emmanuel Herve, on behalf of our company, marking a significant achievement in our commitment to security. On our receipt of the certificate, Mr. Emmanuel Herve commented that this showcases our leadership in information security and our adoption of a forward-thinking approach to managing digital risks. "It’s a significant milestone, and BSI is pleased to have been part of their success."

The 2022 version represents the latest evolution of this framework, introducing enhanced requirements that address today's complex cyber threat landscape and emerging security challenges.

Our comprehensive security framework

Our ISO/IEC 27001 and CSA STAR Level 1 certifications are just two elements of our multi-layered security approach, which also includes:

• Advanced encryption technologies and strict access controls to safeguard customer assets

• Comprehensive product and user security features

• Our monthly Proof of Reserves (PoR) program, audited by blockchain security firm Hacken

• System and Organization Controls (SOC) compliance

• A multi-billion-dollar insurance fund, serving as a dedicated reserve pool to protect customers from excessive loss and auto-deleveraging for specific trading products*

• Advanced, AI-powered safety tools, such as SkyNet, an AI blockchain scanning tool that identifies and flags malicious actors

• Ongoing investments in advanced security infrastructure and threat detection

As we continue our mission to build the world's most powerful trading platform, we remain committed to setting new industry standards for security, transparency and trust.

To learn more about how we protect your assets, visit: okx.com/protect

*Insurance fund available in specific markets only