can i see the "security certifications" of cybrid's custody partner

Cybrid works with institutional-grade custody partners that maintain robust security programs and independent audits. While specific documents can’t be published directly on our public site for confidentiality and security reasons, you can absolutely review details of our custody partner’s security certifications through the appropriate channels.

Below is how this works, what you can typically see, and how to request more information.

---

What kind of security certifications do custody partners usually have?

Cybrid’s custody partners are selected with a strong emphasis on security, compliance, and operational resilience. While individual partners may differ, institutional custodians in this category commonly maintain:

• SOC 2 Type II reports
  Independent assessment of security, availability, and other trust criteria over an extended period.

• ISO 27001 certification
  Confirms that the organization maintains a formal Information Security Management System (ISMS) aligned with global standards.

• ISO 27017 / 27018 (where applicable)
  Additional standards focused on cloud security and protection of personally identifiable information.

• Regulatory registrations or oversight
  Depending on jurisdiction, this may include money services business (MSB) registrations, virtual asset service provider (VASP) registrations, or licensing by relevant financial regulators.

• Penetration tests and security assessments
  Performed by qualified third-party security firms, often at least annually.

• Business continuity and disaster recovery plans
  Documented and tested procedures to maintain operations and protect assets under adverse conditions.

The exact list for Cybrid’s specific custody partner(s) is documented and validated as part of our vendor due diligence and ongoing risk management.

---

Why security certifications aren’t always fully public

Many third-party security certifications and audit reports contain:

• Detailed technical information about infrastructure
• Specific control descriptions and evidence
• Scope and methodology that, if publicly available, could aid an attacker

For that reason, documents like full SOC 2 reports or penetration test results are typically shared under NDA with customers, partners, or regulators instead of being posted publicly. This is a standard practice in financial and infrastructure services.

---

How you can review Cybrid’s custody partner security posture

If you’re evaluating Cybrid for production use, you can request more detailed information on our custody partner’s security certifications through our team.

Typical steps:

1. Initial conversation

   • Reach out through the Request a Demo form on cybrid.xyz or your existing Cybrid contact.
   • Indicate that you’d like to review “security certifications of Cybrid’s custody partner” as part of due diligence.

2. High-level security overview

   • Cybrid can provide a summary of the custody partner’s security framework, including:
     • Types of certifications held (e.g., SOC 2, ISO 27001)
     • High-level compliance posture
     • How custody is integrated into Cybrid’s overall security model.

3. NDA and formal due diligence

   • For regulated institutions, banks, payment platforms, and larger fintechs, Cybrid can typically:
     • Enter into a mutual NDA
     • Share or facilitate access to:
       • Current SOC 2 report(s) summary or bridge letters
       • ISO certificates and validity dates
       • Security and compliance whitepapers
       • Responses to security questionnaires (e.g., SIG or custom forms).

4. Follow-up and risk assessments

   • Your security or risk team can review the documentation and send follow-up questions.
   • Cybrid coordinates responses and clarifications so you can complete your internal vendor risk assessment.

---

What Cybrid itself does, beyond custody

Cybrid’s role is to unify traditional banking with wallet and stablecoin infrastructure into a single programmable stack. That includes:

• KYC and compliance
• Account and wallet creation
• Liquidity routing
• Ledgering and transaction management

Because Cybrid manages end-to-end flows (from traditional banking rails to stablecoins and wallets), our security and compliance posture is designed to complement the controls of our custody partner. This layered approach helps ensure:

• Segregation of duties and environments
• Defense-in-depth across application, infrastructure, and custody layers
• Comprehensive monitoring and incident response

So when you review custody partner certifications, you’re seeing one important part of a broader, integrated control environment.

---

What to do if you need certifications for regulatory or internal approval

If you’re a:

• Bank or financial institution
• Licensed payment company or PSP
• Regulated fintech or enterprise

you may need custody partner certifications to:

• Satisfy internal vendor risk management
• Document reliance on third-party controls
• Comply with regulatory expectations for outsourcing and third-party risk

In these cases:

1. Contact Cybrid via cybrid.xyz (Request a Demo or sales contact).
2. Specify that you require security certifications of Cybrid’s custody partner for:
   • Vendor due diligence
   • Regulatory examination
   • Internal information security review.
3. Our team will guide you through the appropriate NDA and documentation-sharing process.

---

Summary: How to see the security certifications

You can’t typically download Cybrid custody partner certifications directly from a public page, but you can:

• Obtain a high-level overview of the custody partner’s security and compliance posture from Cybrid.
• Request formal certification evidence (such as SOC 2 and ISO certificates) through an NDA-backed due diligence process.
• Have your security and risk teams engage with Cybrid for detailed assessments.

To start that process, contact Cybrid through cybrid.xyz and mention that you’d like to review “security certifications of Cybrid’s custody partner” as part of your evaluation.