SOC2 Type 2 statement

This SOC2 Type2 Statement was issued on January 25, 2019 and relates to the 2018 financial year.

By using the Blue10 service, part of the internal processes of a customer, falls to an external system. That is to say it relies on a system outside of the customer’s internal IT organization and management. This means that a Blue10 customer has to be able to rely on the security and availability of the Blue10 service. Naturally, we believe that it is important that our customers can fully rely on our software and services. That is why we have been tested for the SOC2 standards. This is an internationally set standard that is specifically set for services from IT service providers. The SOC2 Assurance Reporting differs from other, traditional certifications, because the SOC2 Assurance Reporting is more extensive and is performed annually through an audit by an independent party. This Assurance report is issued on the basis of the general Assurance guideline 3000. 2-Control, an IT audit party with certified IT auditors, has tested our processes in accordance with this standard.

With SOC2, a distinction is made between a Type 1 and Type 2 statement. With the SOC2 Type 1 Assurance, the way in which the organization intends to conduct its processes and controls is examined. During this audit, the existence of procedures and controls is tested. The follow-up on the SOC2 Type 1 report is a SOC2 Type 2 Assurance. A SOC2 Type 2 Assurance examines whether work has actually been carried out in accordance with the established procedures and controls. To be able to keep a SOC2 Type 2 statement, an annual recurring audit takes place, in which it is examined whether the organization has complied with the agreed processes and controls during the previous financial year.

Blue10 has completed the SOC2 audit for the 2018 financial year and received the accompanying statement, where 2-Control issued a SOC2 Type 2 report. The 2-Control report provides existing and potential customers insight into the quality of the IT services that we offer our users. The scope of the report consists of:

  • The Blue10 service and the systems on which it runs.

The complete SOC2 Type 2 Assurance report is available for inspection for customers of our services at the Blue10 office (in hard copy). The report is not provided digitally. If desired, you can make an appointment to view the entire report via