Security Compliance is a vital part of Magic’s comprehensive security program. At Magic, we understand that trust is extremely important in any successful business relationship. As such, we recognize that compliance with security regulations and industry-standard frameworks is not merely a checkbox exercise but a measurement of our dedication to the security of our customer's data. Magic is the first Wallet-as-a-Service (WaaS) provider to attain SOC 2 Type 2, SOC 3 Type 2, ISO 27001, and HIPAA attestations, further underscoring our commitment to trust.
We communicate trust to our clients by providing tangible evidence that our security approach aligns with industry best practices and regulatory requirements.
Magic’s systems, processes and controls undergo rigorous audits conducted by an industry-leading assessment provider as part of our SOC 2 Type 2 external assessment process. These reports are produced annually and are available after executing an NDA on Magic’s Trust Center.
As part of Magic’s external assessment process, SOC 3 Type 2 reports are produced annually. While an NDA is required to access Magic’s SOC 2 Type 2 report, the SOC 3 Type 2 report is public and can be obtained without an NDA on Magic’s Trust Center.
Magic is ISO 27001:2013 certified, the pre-eminent internationally recognized standard for Information Security Management Systems (ISMS). Following an extensive audit by an industry-leading assessment provider, this certification confirms that Magic meets the highest standards for establishing, implementing, maintaining and continually improving ISMS. Magic’s ISO 27001:2013 certification is available after executing an NDA on Magic’s Trust Center.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. Magic’s products and services are HIPAA compliant and undergo rigorous HIPAA-specific audits annually. Magic’s HIPAA Type 2 report is available after executing an NDA on Magic’s Trust Center.
At Magic, we prioritize the security of our operations, and this extends to our relationships with vendors and subprocessors. We place a strong emphasis on third-party risk management by conducting thorough security reviews before entering into any agreements and ensuring annual assessments thereafter. To learn more about the trusted subprocessors we work with, please visit Magic’s Trust Center.
We believe that maintaining a robust security compliance posture is an ongoing commitment. We constantly assess the effectiveness of our controls to keep them in line with industry best practices, reinforcing our industry-leading security compliance posture. Our continuous control monitoring aligns our internal processes with industry best practices, instilling confidence in our services to our customers and their end-users.
To get in touch with Magic’s Security team, send us an email at [email protected].