By using Blue10, a part of the customer’s internal processes are outsourced. Therefore, customers must be able to rely on the security and availability of Blue10. To ensure our customers are able to fully rely on our software and services, an annual audit takes place by an independent IT audit organisation to test if Blue10 is meeting the objectives of SOC2. SOC2 is an internationally established standard that is specifically aimed at services of IT service providers. The SOC2 Assurance report differs from other traditional certifications, because the SOC2 Assurance report is more comprehensive, adheres to a standard and is carried out annually by an independent IT organisation. The Assurance Report is based on the General Assurance Guideline 3000. 2-Control, an IT audit organisation with certified IT auditors, has assessed our processes according to this standard.
There is a distinction between a Type 1 and a Type 2 SOC report. The SOC2 Type 1 Assurance is considered a attestation report, focussed on the existence of procedures and controls and how the organisation intends to run its processes and controls. The follow-up to the SOC2 Type 1 report is a SOC2 Type 2 Assurance. With SOC2 Type 2, it is tested whether work has been done according to the established procedures and controls. To be able to maintain a SOC2 Type 2 statement, an annual audit takes place. The report provides information to whether the organisation in question has complied with the agreed processes and controls during the previous financial year.
Blue10 has completed the SOC2 audit for financial year 2021 and received the corresponding statement, in which 2-Control has issued a SOC2 Type 2 report. The 2-Control report provides existing and potential customers of Blue10 insight into the quality of the IT services we offer to our users.