MPCH publishes what most infrastructure providers keep behind NDA — our certifications, validations, controls, and compliance posture. Transparency is how we earn institutional trust.
Every certification below was earned through independent audit or external review. MPCH does not self-certify.
Independent audit of security controls covering security, availability, and confidentiality. Attested by an AICPA-accredited CPA firm against the Trust Services Criteria.
Information security management system certified to the international standard. Covers risk management, access control, and incident response.
Business continuity management certified. Covers operational resilience, disaster recovery, and service restoration under disruptive conditions.
Cybersecurity framework aligned. Identify, Protect, Detect, Respond, Recover — mapped end-to-end across MPCH operations and platform controls.
Black-team vault facility review. Independent validation of physical and cyber infrastructure conducted by NCC Group, a globally recognized security assurance firm.
NCC Group’s cyber security review provides MPCH with credible, independent assurances that their technology secures sensitive keys and data against current and emerging threats. This assurance gives clients the confidence to store their most critical secrets and keys with MPCH.
NCC Group — Enterprise Key Storage & Management Review
Three architectural properties that define MPCH’s cryptographic security posture. Each is independently verifiable by institutional clients.
All MPCH Stronghold-KMS tiers use FIPS-validated HSMs. Certification level is matched to client requirements. All cryptographic operations are performed inside FIPS-validated hardware boundaries — no key material ever leaves the HSM in plaintext.
Key material never exists whole outside the hardware boundary. Multi-party computation distributes trust across operators so no single party can sign alone. MPCH cannot access client key material; neither can any one employee or system.
Every key operation is logged to tamper-evident systems. Access is biometric and multi-person. Independent review is available for institutional clients under appropriate engagement terms.
Ti22 OTIG products carry BIS CCATS G199601 classification under ECCNs 5A002 / 5D002 / 5E002 / EAR99. Full export control documentation and end-use certification are available upon request.
Operational commitments that apply across all Stronghold-KMS tier engagements.
Client key material and operational data can be scoped to specific geographic regions. Residency requirements are agreed at onboarding and enforced at the infrastructure level.
Operational logs are retained for 365 days via SIEM. All key operation events are captured with tamper-evident timestamping. Extended retention available on request.
Institutional clients may request access to audit logs for their key operations under agreed terms. MPCH supports third-party audit engagements for qualified counterparties.
Defined escalation path and notification timeline for security events. Client notification within contractually agreed windows. Post-incident review available for all severity-one events.
MPCH is independently audited and certified against internationally recognized security and continuity standards.
SOC 2
Security, Availability & Confidentiality
ISO 22301
Business Continuity Management
ISO 27001
Information Security Management
Responsible disclosure is welcomed. Contact our security team directly. All submissions are reviewed and acknowledged within one business day.
For general inquiries, visit Contact.
MPC Holding, Inc. and its subsidiary Ti22, LLC (“Ti22”) are committed to full compliance with U.S. export control and economic sanctions laws, including the Export Administration Regulations (“EAR”) administered by the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”), and the sanctions programs administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”).