We are pleased to announce the successful completion of an audit of our platform attesting of its quality and robustness.
This audit was carried out by KPMG and requires some introductory words to clarify some of the jargon around the quality standards:
SOC stands for Service Organization Controls. SOC reports are prepared by auditors to check that a service organization has the proper controls in place to meet service level objectives.
There exists different types of SOC reports: SOC1, SOC2, SOC3.
SOC1 reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16. SSAE16 (or ISAE 3402, which is the non-US equivalent of SSAE 16) effectively replaced the SAS70 standard in 2011.
SOC1/SSAE16 reports can only be used for controls relating to financial reporting. They cannot be used by service organisations not directly involved in financial reporting.
SOC2 or SOC3 reports (differences are really minimal between these 2) are used by many companies (managed service providers, Software as a Service (SaaS), cloud computing, etc.) not directly involved in financial reporting of their customers. SOC2 reports therefore replace SAS70 compliance reports for these companies, like Babelway
SOC2/SOC3 reports focus on controls at a service organization relevant to the following principles:
– Security: The system is protected against unauthorized access (both physical and logical)
– Availability: The system is available for operation and use as committed or agreed
– Processing Integrity: System processing is complete, accurate, timely, and authorized
– Confidentiality: Information designated as confidential is protected as committed or agreed
– Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA
In short, a SOC report is the result of an audit on the quality of operations in a service organization.
Following requests from some customers requiring SSAE16/ISAE3402 compliance, we commissioned KPMG to audit Babelway’s controls relevant to security and availability. We are pleased to announce the completion of this audit that resulted in a ‘clean sheet’. KPMG’s audit concludes:
Our opinion has been formed on the basis of the matters outlined in this report. In our opinion, in all material respects, based on the description criteria identified in management’s statement and the applicable trust services criteria:
a. The description fairly presents Tradeshift Belgium’s SaaS system that was designed and implemented throughout the period 1 January 2022 to 31 December 2022.
b. The controls stated in the description were suitably designed to provide reasonable assurance that the applicable trust services criteria would be met if the controls operated effectively throughout the period 1 January 2022 to 31 December 2022, the subservice organizations applied, throughout the period 1 January 2022 to 31 December 2022 the types of controls expected to be implemented at the subservice organization and incorporated in the design of the system, and user entities applied the complementary user entity controls contemplated in the design of Tradeshift Belgium’s controls throughout the period 1 January 2022 to 31 December 2022;
c. The controls tested, together with the types of controls expected to be implemented at the subservice organization and incorporated in the design of the system, if operating effectively, and which together with the complementary user entity controls referred to in the scope paragraph of this report, if operating effectively, were those necessary to provide reasonable assurance that the applicable trust services criteria were met, operated effectively throughout the period 1 January 2022 to 31 December 2022.
This is further proof of the robustness of our platform and the quality of our services.
Of course, we don’t rest on our laurels and continue to invest in the quality and reliability of our platform to meet the highest customers’ expectations.