According to the review, BDO found that Netagio controlled the number of BTC it claimed, and that its storage environment for both its bitcoin wallets and gold supply met all current standards specified by the ISAE 3000 rules. Additionally, the company’s corporate governance, internal compliance, and other “areas central to corporate responsibility” met the standards of the International Auditing and Assurance Standards Board (IAASB).
It’s unclear how appropriate the ISAE 3000 standards are to the storage of bitcoin, as there are few universally agreed-upon best practices. The ISAE requires expert-level evaluation and testing of security and storage procedures, as well as verification that the audited company is complying with their own established process. Netagio already claims to have a secure data center built to comply with the ISO 27001 standard, with data that is encrypted on multiple levels. While Netagio doesn’t mention offline, “vault”-style storage on their site, it’s very likely the company has something like it in place.
The ISAE audit carries far more weight than the recent proof-of-solvency audits passed by exchanges like Kraken and OKCoin. Those audits simply verified that a claimed number of bitcoin or other cryptocurrency were controlled by a given set of addresses, and provided no insight into how such addresses or other data were protected.