The cost of a CryptoCurrency Security Standard (CCSS) audit is determined by the independent CCSS auditor (CCSSA) and can vary significantly depending on the scope and complexity of the system being assessed.
Factors that commonly influence the cost include:
Because CCSSAs operate independently, there is no fixed or standardized audit fee. Entities interested in certification should contact one or more qualified CCSSAs to discuss their environment and obtain a quote based on their specific needs.
In addition to the auditor’s fee, entities should also expect to pay a fee for the required independent peer review conducted by a Certified CCSSA– Peer Reviewer (CCSSA-PR). Once the audit and peer review have been successfully completed, there is also a listing fee that includes issuance of the Certificate of Compliance and publication of the certified system on the official CCSS Certified Systems page.
Entities should also consider the internal time and resources required to prepare documentation, gather evidence, and support the audit process. Thorough preparation can help reduce the overall effort and cost of the assessment. Some entities choose to engage a Certified CCSS Implementer (CCSSI) to help prepare for the audit, identify gaps, and assist with implementing controls. While a CCSSI can help streamline the preparation process, using one is optional.
Thorough preparation can help reduce the overall effort, time, and cost of the certification process.