SOC 2 type 2 statement
Crunchr develops a SaaS solution to analyse and plan the workforce based on information from various HR systems.
By using Crunchr's software, part of the client's internal processes is outside the client's organization. To maintain the trust of customers, it is very important for Crunchr to be able to give assurance about the security and availability of the services provided.
Assurance according to Directive 3000
For the independent assessment of the information security with respect to software and services, a SOC 2 audit based on the Directive 3000 was chosen. The SOC 2 standard is a form of assurance specifically aimed at IT service organizations and provides guidelines and principles for determining, establishing, and maintaining measures that Crunchr should normatively take to secure the information provision.
SOC 2 Type 1 & Type 2 rapport
A SOC 2 audit consists of a Type 1 and a Type 2 report. The SOC 2 Type 1 Assurance looks at how the organization plans to run its processes and controls.
SOC 2 Type 2 Assurance involves an annual review of whether the established procedures and controls have actually been followed.
"Our SOC 2 statement has helped us tremendously," said Crunchr's Chief Architect, Jan Joris Vereijken. "We got a razor-sharp picture of a number of process weaknesses, which we were able to solve nicely based on 2-Control's recommendations. This has demonstrably contributed to the quality of our services. Moreover, we noticed that we could give targeted customers confidence based on the SOC 2 statement. That played a role in every contract negotiation, and often a crucial one. We could never have won our largest clients without that statement. We also experienced the cooperation with 2-Control as pleasant and productive; the auditors were very sharp and at the same time constructive, we learned a lot from them."
We warmly congratulate Crunchr on obtaining the certificate and thank all those involved for their efforts, cooperation and the trust placed in us!