Proximus achieves renewal and expansion of ISAE/SOC 2 Type II certification

ISAE/SOC 2 Type II certification

An independent audit firm thoroughly tested and certified our internal control systems and measures, confirming that we handle our customers' data with the utmost care and precision. Given the customer demand for end-to-end services, our subsidiaries Davinsi Labs and Proximus ADA were also included in the audit.

The ISAE/SOC 2 Type II report highlights the Managed Security Services that Proximus provides to our customers, with an emphasis on the applicable Trust Services Criteria for Security, Availability, and Confidentiality.

These include:

• Managed Detection and Response (MDR)
• Vulnerability Management Services (VMS)
• Managed Security Full Care (MSEC-FC)

In addition to the above report, Proximus has obtained the ISAE/SOC 2 Type I report for MXDR services, thereby expanding the scope.

This report specifically includes:

• Managed Extended Detection and Response (MXDR) services.

This certification is a testament to our ongoing efforts to improve our security measures and ensure that our customers' data is protected at all times.

What is ISAE?

ISAE stands for "International Standard on Assurance Engagement". With an ISAE 3000 certification (also known as SOC 2 certification), organizations demonstrate that their IT security and privacy measures are well implemented. To obtain this certification, an audit must be conducted. The audit evaluates an organization's controls and processes based on the so-called Trust Services Criteria (TSC). The five criteria are security, availability, processing integrity, confidentiality, and privacy.

Difference between ISO 27001 and ISAE 3000

ISO 27001 is internationally recognized as the standard for information security and is the best possible way to manage information security in an organization. To obtain the certificate, an organization must meet a complete list of requirements.

With the ISAE 3000 certification, it is verified whether the organization actually executes the internal processes, manages and reports on (new) technological risks and control practices. It concerns the IT security and confidentiality of an organization, and the processing integrity and privacy of customers.

The ISAE 3000 standard is the combination of the increased assurance of operational execution of internal processes with the careful focus on cybersecurity like ISO 27001. It thus combines the best of both worlds.

Two types of ISAE 3000 reports

There are two types of ISAE 3000 reports. The two reports are very similar, but the audit for Type II is much more comprehensive than for Type I. • Type I provides a snapshot of a specific point in time when an organization's internal control systems and measures are tested. • For Type II, the operation of the measures is tested over a predetermined period of at least six months.

Assurances for our customers

The audit confirms that we handle our customers' data with the utmost care. And that we can always guarantee reliable IT security and privacy. Additionally, we have been ISO 27001 certified for several years.