Proximus obtains the “ISAE 3000/SOC 2 - Type I” attestation
Published on 15/06/2023 in News
An independent auditor has tested and certified our internal control systems and measures and issued the Type I report. That shows that we guarantee strong IT security and privacy and we handle our customers’ data with the greatest care.
What is ISAE?
ISAE stands for “International Standard on Assurance Engagement”. With an ISAE 3000 attestation, organizations show that their IT security and privacy measures are operationally well structured. To obtain this attestation, an audit must be conducted. The audit evaluates the controls and processes of an organization using so-called Trust Services Criteria (TSC). The five criteria are security, availability, processing integrity, confidentiality, and privacy.
Two types of ISAE 3000 reports
There are two types of ISAE 3000 reports. The two reports are very similar, but the audit for Type II is much more comprehensive than for Type I.
- Type I gives a snapshot of a specific time at which the internal control systems and measures of an organization are being tested.
- In Type II, the operation of the measures is tested over a predetermined period of at least six months.
Difference between ISO 27001 and ISAE 3000
ISO 27001 is internationally recognized as the standard for information security and is the best possible way to manage information security in an organization. To obtain the certificate, an organization must satisfy a complete list of requirements.
ISAE 3000 is an assessment of whether the organization also actually implements the internal processes, with management of and reporting on (new) technological risks and control practices. It concerns the IT security and confidentiality of an organization, and the handling of integrity and customer privacy.
The ISAE 3000 standard is the combination of a heightened guarantee of operational execution of the internal processes with a careful focus on cybersecurity as in ISO 27001. And so it combines the best of both worlds.
Guarantee of security and privacy
The audit was conducted in April 2023 by an independent auditor within our organization. In view of the customer demand for end-to-end services, our affiliates Davinsi Labs and Proximus Ada were also involved in the audit.
The resulting SOC 2 Type I report gives an evaluation of the Managed Security services we provide to our customers:
- Managed Detection and Response (MDR)
- Vulnerability Management Services (MVS)
- Managed Full Care on security devices
The audit confirms that we process our customers’ data with the utmost care. And that we can always guarantee you reliable IT security and privacy.
It is our ambition to also obtain the Type II attestation before the end of 2023. In addition, we have already had the ISO 27001 certificate for several years.
Advantages for you?
- More peace of mind: SOC 2 attestation ensures that we have implemented robust checks and balances to protect sensitive data.
- Compliance: We meet the necessary standards for data protection and privacy, so that you as a customer can fulfil your own compliance obligations.
- Availability: We can offer reliable continuous access to our services. This means our customers can expect only minimal service interruptions.
With Managed Security Services you leave the management and control of your IT security to our specialists, fully or partially, in complete safety. We approach your IT security with a 360° view that effectively limits the risks you run.
Experts
Our experts keep you informed on the latest news and trends for ICT professionals.