When choosing a Managed Hosting provider, it’s all about trust, reliability, availability, and security. Your applications, data, and online processes deserve a partner who not only promises these values but can also demonstrate them.
That’s why, at Shock Media, we are proud to share that, in addition to our ISO 27001, NEN 7510, and ISO 9001 certifications, we have now also successfully passed our SOC 2 and ISAE 3402 Type 1 audits without any deviations. This is an important milestone in our ambition to consistently meet the highest international standards for information security, quality, and compliance.
In this blog, we explain what these standards entail, what they mean for you as a client, and how we are working towards our next step: obtaining the SOC 2 and ISAE 3402 Type 2 statements.
What are SOC 2 and ISAE 3402?
SOC 2 and ISAE 3402 are assurance standards that define requirements and criteria regarding processes that organizations outsource to an external service provider, such as Shock Media.
SOC 2 (System and Organization Controls 2) is an internationally recognized audit report that assesses whether an organization has implemented the proper measures to control these processes. Specifically, it must comply with the criteria from TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
ISAE 3402 (International Standard on Assurance Engagements 3402) is a standard that primarily focuses on the demonstrable control of IT processes that can affect financial reporting.
Audits for both standards are performed by independent and (RE) qualified auditors and result in a formal report that gives our clients insight into the processes and control measures we have implemented to safeguard the security and quality of our services.
The difference between type 1 and type 2 statements
SOC 2 and ISAE 3402 Type 1 reports describe the processes and control measures as implemented regarding Shock Media’s services. An independent auditor assesses the adequacy of the described control measures in achieving the stated control objectives and establishes their proper implementation.
SOC 2 and ISAE 3402 Type 2 reports, in addition to providing insight into the implemented processes and control measures, also provide information on their operation and effectiveness over a defined period, usually six months to a year. Currently, Shock Media is in this control period, which runs until the end of 2025, meaning the audits for the SOC 2 and ISAE 3402 Type 2 statements can be conducted in December.
What does this mean for our clients?
As our clients have come to expect, reliability, security, and quality have been an integral part of our services for years. This was already underlined by our ISO 27001, NEN 7510, and ISO 9001 certifications, for which independent audits are performed annually.
With our SOC 2 and ISAE 3402 Type 1 (and soon also Type 2) reports, we provide our clients with additional insight into how we have organized aspects such as information security, availability, continuity, and risk management. This gives you an objective basis to trust us with the Managed Hosting of your (business-)critical web applications, supported by an independent audit report.
As an entrepreneur in the digital sector or as an IT manager at a (public) organization, you likely already know how crucial it is that suppliers comply with relevant international security, quality, and privacy guidelines. Our SOC 2 and ISAE 3402 reports also support your own compliance efforts. This aligns perfectly with our services, such as our Linux Server Management and our Haven Compliant Kubernetes services.
Want to know more?
Would you like to know more about how our processes and measures regarding our SOC 2 and ISAE 3402 Managed Hosting services are structured? Or would you like to gain insight into our SOC 2 and ISAE 3402 reports? Please feel free to contact our Trustcenter.
