SOC2 Type 2 statement

When a customer uses Blue10, part of that customer’s internal processes is outsourced. Therefore, customers must be able to rely on the security and availability of Blue10. To ensure our customers are able to fully rely on our software and services, an independent IT audit organisation carries out an annual audit to test whether Blue10 is meeting the objectives of SOC2. SOC2 is an internationally established standard that is specifically aimed at services of IT service providers. The SOC2 Assurance report differs from other traditional certifications because it is more comprehensive, adheres to a standard and is carried out annually by an independent IT organisation. The Assurance Report is based on the General Assurance Guideline 3000. 2-Control, an IT audit organisation with certified IT auditors, has assessed our processes according to this standard.

There is a distinction between a Type 1 and a Type 2 SOC report. The SOC2 Type 1 Assurance is considered an attestation report, focussed on the existence of procedures and controls and how the organisation intends to run its processes and controls. The follow-up to the SOC2 Type 1 report is a SOC2 Type 2 Assurance. With SOC2 Type 2, it is tested whether work has been done according to the established procedures and controls. To be able to maintain a SOC2 Type 2 statement, an annual audit takes place. The report provides information as to whether the organisation in question has complied with the agreed processes and controls during the previous financial year.

Blue10 has completed the SOC2 audit for financial year 2021 and received the corresponding statement, in which 2-Control has issued a SOC2 Type 2 report. The 2-Control report provides existing and potential customers of Blue10 insight into the quality of the IT services we offer to our users.

Scope of the SOC2 Type Assurance report

The scope of the SOC2 report includes the systems, operational activities and service of Blue10 and the supporting services regarding Blue10 that will be further described and elaborated in this report.

The statement provides a certain degree of certainty as to:

  • The true and fair view of a description of the system;
  • The suitability of the design of the control measures;
  • The suitability of the effective operation of the control measures.

The statement is limited to criteria for Security, Availability and Process Integrity.

When will the report of 2022 be available? 

The next report will be the report for the year 2022. In order to make a complete report, the year 2022 must have ended. Because the audit by our IT auditor may take some time, it is expected that the next report will become available during the first quarter of 2023. As soon as the report is available, we will ensure that this is mentioned in the newsletter. We do not have any ‘Bridge letters’ available in the meantime.

Download report

The full SOC2 Type 2 Assurance report is digitally available to customers of our services and can be downloaded here.


If you have any questions about the SOC2 Type 2 Assurance report, please send your questions to