Babelway SOC2 compliant says Deloitte’s audit

We are pleased to announce the successful completion of an audit of our platform attesting of its quality and robustness.

This audit was carried out by Deloitte and requires some introductory words to clarify some of the jargon around the quality standards:

SOC stands for Service Organization Controls. SOC reports are prepared by auditors to check that a service organization has the proper controls in place to meet service level objectives.

There exists different types of SOC reports: SOC1, SOC2, SOC3.
SOC1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16. SSAE16 (or ISAE 3402, which is the non-US equivalent of SSAE 16) effectively replaced the SAS70 standard in 2011.
SOC1/SSAE16 reports can only be used for controls relating to financial reporting. They cannot be used by service organisations not directly involved in financial reporting.

SOC2 or SOC3 reports (differences are really minimal between these 2) are used by many companies (managed service providers, Software as a Service (SaaS), cloud computing, etc.) not directly involved in financial reporting of their customers. SOC2 reports therefore replace SAS70 compliance reports for these companies, like Babelway
SOC2/SOC3 reports focus on controls at a service organization relevant to the following principles:

– Security: The system is protected against unauthorized access (both physical and logical)
– Availability: The system is available for operation and use as committed or agreed
– Processing Integrity: System processing is complete, accurate, timely, and authorized
– Confidentiality: Information designated as confidential is protected as committed or agreed
– Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA

In short, a SOC report is the result of an audit on the quality of operations in a service organization.

Following requests from some customers requiring SSAE16/ISAE3402 compliance, we commissionned Deloitte to audit Babelway’s controls relevant to security and availability. We are pleased to announce the completion of this audit that resulted in a ‘clean sheet’. Deloitte’s audit concludes:

“In our opinion, in all material respects, based on the description criteria identified in Babelway Service Organization’s assertion and the applicable trust services criteria
a) The description fairly presents the system that was designed and implemented as of January 17, 2014.
b) The controls stated in the description were suitably designed to provide reasonable assurance that the applicable trust services criteria would be met as of January 17, 2014.”

This is further proof of the robustness of our platform and the quality of our services.
Of course, we don’t rest on our laurels and continue to invest in the quality and reliability of our platform to meet the highest customers’ expectations.

Change Language To: English French