Principal Service Commitments and System Requirements
An overview of Marinade Finance’s key commitments and technical controls to ensure security, availability, and compliance with SOC 2 standards.
Introduction
This document outlines Marinade Finance’s principal service commitments and system requirements in accordance with SOC 2 standards from the AICPA. It covers the Security and Availability trust service principles, including both high-level commitments and specific technical controls.
Security Principle
Service Commitments
Data Protection: User data is encrypted both in transit and at rest.
Access Control: Strict access controls ensure only authorized personnel access sensitive data and systems.
Incident Response: A robust plan is in place to respond promptly to security breaches or vulnerabilities.
User Authentication: Multi-factor authentication (MFA) is used to protect user accounts.
Regular Audits: Routine security audits and vulnerability assessments are conducted to identify and mitigate risks.
Smart Contract Security: All smart contracts undergo formal audits and are supported by a bug bounty program.
System Requirements
Encryption: AES-256 for data at rest and TLS for data in transit.
Access Management: Role-based access control (RBAC), with periodic reviews of access rights.
Monitoring & Logging: Comprehensive systems to detect and respond to suspicious activity.
Network Security: Firewalls and IDS/IPS deployed to secure the network perimeter.
Patch Management: Security patches and updates are applied promptly across systems.
Smart Contract Audits: Regular audits by reputable firms and incentivized vulnerability discovery via bug bounties.
Availability Principle
Service Commitments
Uptime Guarantee: 99.9% uptime target (excluding the Solana network’s availability, which is outside Marinade’s control).
Disaster Recovery: A tested recovery plan ensures business continuity during system failures or disasters.
Scalability: The platform is built to scale with user demand without degrading performance.
Maintenance Windows: Planned and communicated maintenance windows minimize user disruption.
Redundancy: Redundant systems and data backups safeguard against data loss and ensure continuity.
System Requirements
Load Balancing: Distributes traffic evenly to prevent server overload.
Backup & Recovery: Regular backups with tested recovery processes to ensure data integrity and availability.
Failover Mechanisms: Automatic switching to backup systems in case of failure.
Performance Monitoring: Continuous system monitoring for resource usage and performance bottlenecks.
Cloud Infrastructure: Deployed on redundant, high-availability cloud infrastructure.
Conclusion
Marinade Finance is dedicated to delivering a secure and reliable staking automation platform on the Solana network. Through rigorous controls, security-first engineering, and resilient infrastructure, Marinade ensures alignment with SOC 2 standards and reinforces user trust across all levels of the platform.