Proximus obtains the “ISAE 3000/SOC 2 - Type II” attestation
Published on 05/01/2024 in Industry recognition
Over a period of six months, an independent auditor has tested and certified our internal control systems and measures and issued the Type II report. That shows that we guarantee strong IT security and privacy, and we handle our customers’ data with the greatest care.
What is ISAE?
ISAE stands for “International Standard on Assurance Engagement”. With an ISAE 3000 attestation, organizations show that their IT security and privacy measures are operationally well structured. To obtain this attestation, an audit must be conducted. The audit evaluates the controls and processes of an organization using so-called Trust Services Criteria (TSC). The five criteria are security, availability, processing integrity, confidentiality, and privacy.
Two types of ISAE 3000 reports
There are two types of ISAE 3000 reports. The two reports are very similar, but the audit for Type II is much more comprehensive than for Type I.
- Type I gives a snapshot of a specific time at which the internal control systems and measures of an organization are being tested. Proximus obtained this Type I report in April 2023.
- In Type II, the operation of the measures is tested over a predetermined period of at least six months.
Difference between ISO 27001 and ISAE 3000
ISO 27001 is internationally recognized as the standard for information security and is the best possible way to manage information security in an organization. To obtain the certificate, an organization must satisfy a complete list of requirements.
ISAE 3000 is an assessment of whether the organization also actually implements the internal processes, with management of and reporting on (new) technological risks and control practices. It concerns the IT security and confidentiality of an organization, and the handling of integrity and customer privacy.
The ISAE 3000 standard is the combination of a heightened guarantee of operational execution of the internal processes with a careful focus on cybersecurity as in ISO 27001. And so it combines the best of both worlds.
Guarantees for our customers
After the Type I audit in April 2023, the Type II audit was conducted in October and November 2023 by an independent audit firm within our organization. In view of customer demands for end-to-end services, our affiliates Davinsi Labs and Proximus Ada were also involved in the audit.
The resulting SOC 2 Type II report gives an evaluation over a period of six months of the Managed Security services we provide to our customers:
- Managed Detection and Response (MDR)
- Vulnerability Management Services (MVS)
- Managed Full Care on security devices
The audit confirms that we process our customers’ data with the utmost care. And that we can always guarantee reliable IT security and privacy.
In addition, we have already had the ISO 27001 certificate for several years.
Advantages for you?
- More peace of mind: SOC 2 attestation ensures that we have implemented robust checks and balances to protect sensitive data.
- Compliance: We meet the necessary standards for data protection and privacy, so that our customers can fulfil their own compliance obligations.
- Availability: We can offer reliable continuous access to our services. This means our customers can expect only minimal service interruptions.
With Managed Security Services you leave the management and control of your IT security to our specialists, fully or partially, in complete safety. We approach your IT security with a 360° view that effectively limits the risks you run.
Experts
Our experts keep you informed on the latest news and trends for ICT professionals.