Do you outsource part of your IT services? Or are you the organization that works with outsourced services? More and more organizations use IT service organizations for data processing. An organization that outsources part of its services is able to set requirements on the party that performs these services for it.  To demonstrate that the requirements are met, a SOC 2 statement may be prepared by an independent party. This statement can be used to demonstrate that work is done in a reliable and secure way.

SOC 2 reporting

SOC stands for Service Organization Controls Report. In a SOC 2 report the requirements for organizations that outsource part of their services are included. The report describes the outsourced processes, including the controls implemented by the organization taking over the service and their operation. The reporting standard makes it more feasible to audit outsourced processes. This means that organizations can decide which principles are tested.

SOC 2 statement

We would like to carry out for you the audit required to obtain an SOC 2 certificate. As every organization is unique, we would be happy to discuss your starting position with you, without obligation, and identify any steps which still need to be taken to be ready for the audit. We will then draw up a tailor-made proposal for you.