ISAE 3000 / Service Organization Control report
The logo 'ISAE 3000 Assurance based on SOC2', may be used by companies that have been audited by 2-Control and have received an SOC2 assurance report.
SOC2 is an international standard which focusses specifically on the services of IT service providers. SOC2 report exists in 2 types. A SOC2 Type 1 Assurance focusses on the way an organization designs their processes and internal controls. A SOC2 Type 2 Assurance is a yearly repeated audit, testing the operating effectiveness of these processes and internal controls. The SOC2 report is more extensive than most other traditional certifications like ISO 27002, because those traditional certifications only focus on the design of processes and internal controls.
A SOC2 report is not a generic quality label. The report has a specific scope and may include restrictions. If you are a customer of the company that carries this logo, it is advisable to request the assurance report from the company in question, so you can form your own opinion about the matters that are important for your organization.
Pay attention to these paragraphs:
- Paragraph 'Scope'. Here you can read which criteria have been audited and the period to which the report relates.
- Paragraph 'Object of research'. Here you can see what has been audited.
- Paragraph 'Limitations'. Here you can see possible attention points from the assessment. You can then decide whether this is relevant to you.