Skip to main content

for security and privacy


SOC2 reports provide insight in security, availability, processing integrity, privacy and confidentiality.


More key IT functions are outsourced to service organizations as a consequence of cloud opportunities and global competition.

Trust Service Criteria

The Trust Service Criteria for security, privacy, availability and confidentiality are international recognized.

General IT Controls

ISAE 3000 is the international standard voor assurance over IT Controls and supports in gaining confidence over business processes.

Attestation Services

ISAE 3000 and ISAE 3402 are the most common Service Organization Control (SOC) 1 and 2 reports.
ISAE 3402 vs ISO 27001

Implement SOC 2

What are the organizational implications of ISAE 3000 SOC 2? What are the requirements?
For an ISAE 3000 SOC2-report the control framework, control descriptions should be described and auditable. An ISAE 3000 SOC 2 should audited by an external auditor (CPA, CA, Wirtshaftsprufer, expert comptable or RA).
The scope of an ISAE 3000 is in generally free, the scope should relate to non-financial processes. If the Trust Service Criteria are applied, the control framework should be described in accordance with these.

More information?

Do you want more information on the impact and requirements of ISAE 3000? Please send information request to