Corresponding security reports
System & Organization Control (SOC) reports are another reporting system that clearly provides third parties with information about the measures set for the operation of the service, especially security, availability and integrity.
The controlled documentation required to obtain ISO certification often contains highly sensitive information about the operation of the organisation that should not be disseminated to third parties. Therefore, SOC2 reports generally describe internal processes and technical procedures without this information putting other customers at risk.
Types of reports
The ISAE 3402/AT‑C 320 Type II report tracks a set period of time (typically 6 – 12 months) and monitors how internal IT processes have changed.
It is natural that one internal process and measure cannot last forever and must be renewed as needed. Unlike the Type I report, which tracks status only as of a certain date, the Type II report provides greater insight into process dynamics. As the ISAE report contains sensitive data about the entire organisation, we do not allow it to be freely downloaded from the web as with certificates from TÜV SÜD. If you would like to receive our ISAE report for the last period, please email us at security@geetoo.com and we will be happy to provide it to you individually.
Compare
| Content of the report | Type I | Type II |
|---|---|---|
| Description of the organisation | Yes | Yes |
| Independent auditor’s report | Yes | Yes |
| Description of cloud infrastructure and technical security | Yes | Yes |
| Description and test of the processes and arrangements for the operation of hosted services | No | Yes |