Security Reporting

We are able to provide our customers with security reports according to ISAE 3402/AT‑C 320 Type II (SOC2 report) upon request.

Corresponding security reports

System & Organization Control (SOC) reports are another reporting system that clearly provides third parties with information about the measures set for the operation of the service, especially security, availability and integrity.

The controlled documentation required to obtain ISO certification often contains highly sensitive information about the operation of the organisation that should not be disseminated to third parties. Therefore, SOC2 reports generally describe internal processes and technical procedures without this information putting other customers at risk.

Types of reports

The ISAE 3402/AT‑C 320 Type II report tracks a set period of time (typically 6 – 12 months) and monitors how internal IT processes have changed. 

It is natural that one internal process and measure cannot last forever and must be renewed as needed. Unlike the Type I report, which tracks status only as of a certain date, the Type II report provides greater insight into process dynamics. As the ISAE report contains sensitive data about the entire organisation, we do not allow it to be freely downloaded from the web as with certificates from TÜV SÜD. If you would like to receive our ISAE report for the last period, please email us at and we will be happy to provide it to you individually. 


Content of the report Type I Type II
Description of the organisation Yes Yes
Independent auditor’s report Yes Yes
Description of cloud infrastructure and technical security Yes Yes
Description and test of the processes and arrangements for the operation of hosted services No Yes