Do you outsource part of your IT services? Or are you the organisation that works with outsourced services? More and more organisations use IT service organisations for data processing. An organisation that outsources part of its services is able to set requirements on the party that performs these services for it.  To demonstrate that the requirements are met, a SOC 2 statement may be prepared by an independent party. This statement can be used to demonstrate that work is done in a reliable and secure way.

SOC 2 reporting

SOC stands for Service Organisation Controls Report. In a SOC 2 report the requirements for organisations that outsource part of their services are included. The report describes the outsourced processes, including the controls implemented by the organisation taking over the service and their operation. The reporting standard makes it more feasible to audit outsourced processes. This means that organisations can decide which principles are tested.

SOC 2 statement

We would like to carry out for you the audit required to obtain an SOC 2 certificate. As every organisation is unique, we would be happy to discuss your starting position with you, without obligation, and identify any steps which still need to be taken to be ready for the audit. We will then draw up a tailor-made proposal for you.