# Principal Service Commitments and System Requirements ## **Introduction** This document outlines Marinade Finance’s principal service commitments and system requirements in accordance with SOC 2 standards from the AICPA. It covers the **Security** and **Availability** trust service principles, including both high-level commitments and specific technical controls. *** ## **Security Principle** ### **Service Commitments** * **Data Protection:** User data is encrypted both in transit and at rest. * **Access Control:** Strict access controls ensure only authorized personnel access sensitive data and systems. * **Incident Response:** A robust plan is in place to respond promptly to security breaches or vulnerabilities. * **User Authentication:** Multi-factor authentication (MFA) is used to protect user accounts. * **Regular Audits:** Routine security audits and vulnerability assessments are conducted to identify and mitigate risks. * **Smart Contract Security:** All smart contracts undergo formal audits and are supported by a bug bounty program. ### **System Requirements** * **Encryption:** AES-256 for data at rest and TLS for data in transit. * **Access Management:** Role-based access control (RBAC), with periodic reviews of access rights. * **Monitoring & Logging:** Comprehensive systems to detect and respond to suspicious activity. * **Network Security:** Firewalls and IDS/IPS deployed to secure the network perimeter. * **Patch Management:** Security patches and updates are applied promptly across systems. * **Smart Contract Audits:** Regular audits by reputable firms and incentivized vulnerability discovery via bug bounties. *** ## **Availability Principle** ### **Service Commitments** * **Uptime Guarantee:** 99.9% uptime target (excluding the Solana network’s availability, which is outside Marinade’s control). * **Disaster Recovery:** A tested recovery plan ensures business continuity during system failures or disasters. * **Scalability:** The platform is built to scale with user demand without degrading performance. * **Maintenance Windows:** Planned and communicated maintenance windows minimize user disruption. * **Redundancy:** Redundant systems and data backups safeguard against data loss and ensure continuity. ### **System Requirements** * **Load Balancing:** Distributes traffic evenly to prevent server overload. * **Backup & Recovery:** Regular backups with tested recovery processes to ensure data integrity and availability. * **Failover Mechanisms:** Automatic switching to backup systems in case of failure. * **Performance Monitoring:** Continuous system monitoring for resource usage and performance bottlenecks. * **Cloud Infrastructure:** Deployed on redundant, high-availability cloud infrastructure. *** ## **Conclusion** Marinade Finance is dedicated to delivering a secure and reliable staking automation platform on the Solana network. Through rigorous controls, security-first engineering, and resilient infrastructure, Marinade ensures alignment with SOC 2 standards and reinforces user trust across all levels of the platform.