CCSS Audits

Confide and the CCSS

In July 2022, Confide became one of the first organisations in the world to have staff qualified as CCSSAs (CryptoCurrency Security Standard Auditors). This means that our assessors can offer independent assurance for organisations looking to achieve compliance against the CCSS.

Independent assurance is our core business for CCSS, PCI DSS, and ISO 27001. It’s our aim to help organisations develop what we call “sustainable compliance” where the standards are not just a tick-box exercise, but a key part of the organisation’s wider ongoing risk management programme.

Benefits of CCSS With Confide

CCSS provides a security baseline and shows your customers and stakeholders that you take security seriously, which helps you build and maintain trust in the market.

By achieving compliance with the CCSS, you can markedly reduce the risk of a data breach with major financial and business impacts. It may even help improve your cyber insurance posture.

Gaining CCSS accreditation provides surety that your organisation has been independently assessed against the industry’s best practices.

Our CCSSAs really care about the work they do and are well placed to provide you with expert consulting and advice. Not only are they qualified in auditing, but they also hold additional certifications in specific cryptocurrencies and blockchain.

How Does the CCSS Audit Process Work?

Although tailored to an organisation’s needs, the audit process typically includes the following phases:

  • CCSS readiness for audit assessment – identify key risks that might prevent you from showing the level of maturity you are targeting.
  • Remediation – take steps to fix the areas where you need to improve with CCSSA advice along the way.
  • Audit & Certification – auditing by a CCSSA to independently verify that you meet the CCSS aspects and what level of maturity you can demonstrate.
  • Re-Audit Cycle – on an annual basis demonstrate that the controls from CCSS are being maintained in an ongoing fashion.

Once the audit is complete, documentation is sent to a further independent CCSSA for peer review as required by C4 (the CryptoCurrency Certification Consortium). Once the audit documentation is completed, Confide creates the final documentation required by C4 for the certification to be issued.

CCSS Services & Packages

Read more about the packages we offer for organisations that want to undertake CCSS certification. If you’d like to learn more about how we can help you with CCSS Certification, reach out and we’re happy to talk.

As the CCSS auditing programme is relatively new, many organisations have not been through an independent security audit against it before. We find that by completing a “readiness for audit” project, organisations reduce their audit time and have better outcomes because it identifies potential gaps early on. This helps ensure that you meet audit deadlines with less risk.

Our CCSSAs will complete an independent audit of the systems that are part of your CCSS scope. Our lead CCSSA has written numerous articles to cover the audit process. So if you reach out to us, you can expect that we know the CCSS inside and out.

We conduct an independent audit, including the report, and help you through the process from start to finish.

If you’re kicking off a project that needs to be aligned to CCSS, audited against CCSS, or is part of your environment that is audited against CCSS, we recommend considering your compliance obligations early.

Confide can help you understand how to build something that is compliant by design. We provide a block of time that can be used to help you understand the implications of your project in relation to CCSS.

Like any security certification, it is not a “once and done” process. This means that you need to be able to demonstrate that you are complying with the requirements on an ongoing basis.

CMAP (CCSS Managed Assurance Programme) moves compliance away from a once-per-year challenge: we work with you to do regular check-ins throughout the year, reducing the risk of falling out of compliance over time.

If your staff need to learn more about the CCSS so they can make sure that they are complying with the CCSS aspects, we can help you with training materials or completing the training for you over a remote session.