Auditor Accreditation
SEAL accredits third-party auditing firms to assess protocols against the SEAL Certification Framework and issue on-chain attestations. The framework is stable and has been validated through engagements with major DeFi protocols, staking operations, and treasury management teams, and accreditation is open now.
How Accreditation Works
Accreditation starts with an intro call about your firm: what you do, your experience and track record, and why you want to be involved. If it is a good fit, we share the accreditation agreement, and you loop us in when you are ready for your first engagement.
Your first client assessment is supervised by SEAL across scoping, evidence review, gap analysis, and certification issuance. We are looking at how you apply the standard, not collecting your client's data. Once we are confident in your team's judgment, you operate independently.
Fees and terms are set out in the accreditation agreement, which will be shared after our initial call.
What's Involved
A full-suite assessment spans a few weeks, but it is not weeks of full-time work. Most of the time is spent coordinating with the client on evidence collection; the focused assessment work is modest. Assessments cover up to six modules (Multisig Ops, Treasury Ops, Incident Response, DevOps & Infrastructure, DNS & Registrar, and Identity & Accounts), and scoping determines which apply to a given protocol.
You do not need to share confidential client information with SEAL. We are observing how you assess, not collecting sensitive client data. Redacted reports or discussions about your process are sufficient, and we are happy to sign an NDA where you or your client requests one.
Getting Started
If your firm is interested, fill out the form. We will then have an initial call to discuss the process, your background, and how everything works.
FAQ
What does accreditation cost?
Specific fees and timing are set out in the accreditation agreement, which will be shared after our initial call.
How does accreditation start?
An intro call where you tell us about your firm, experience, track record, and why you want to be involved. If it is a fit, we share the accreditation agreement and you loop us in when you are ready for your first engagement.
What does the supervised first engagement involve?
We check in at about five points across the engagement: scoping, where you set your evidence bar, how you deliver gap feedback to the client, how you verify remediation, and final assessment and delivery. Expect a few one-hour calls, with us on standby in between.
Do we have to share confidential client information with SEAL?
No. Redacted reports or discussions about your process are enough. We are observing how you assess, not collecting sensitive client data, which can itself be a liability to store.
Can we or our client sign an NDA with SEAL?
Yes, as needed, as long as it does not restrict our ability to run the certifications initiative.
What counts as sufficient evidence?
Assessment is judgment-based. A documented interview where you confirmed how a control is handled can be sufficient on its own; you do not need to collect and store sensitive client artifacts to satisfy a control. You are evaluating whether a protocol's practices are adequate for its scale and risk.
How prescriptive are the controls?
They are a baseline you interpret against the client's maturity. Your job is to judge whether what they have is good enough for where they are. Exceptions are fine when they are justified and documented.
Can we use the controls outside a full certification?
Yes. The same controls work for lighter engagements such as a gap analysis or ongoing retainer work.
How do we give feedback on the controls?
Open an issue or pull request in the frameworks repo. Feedback from firms running real engagements is how the standard improves. See the Contributing guide for details.