Introduction to Transparent Services BV’s SOC 3 Compliance Report
This document outlines the SOC 3 compliance of Transparent Services BV for the period from January 1st, 2023, to June 30th, 2023. As an IT-driven company, Transparent Services BV specializes in enhancing P2P control, uncovering duplicate payments, and optimizing spend analytics to create value from raw data. This report verifies our compliance with SOC 3 standards, focusing on the security and availability of our services as dictated by the Trust Services Principles.
Main Service Commitments and System Requirements
At Transparent Services BV, we ensure data security by implementing ISO 27001 protocols across both our own and our service providers’ systems. We enforce segregation of duties and utilize two-factor authentication for accessing information, which is also applied to all web communications. Our commitment extends beyond just data storage; we emphasize the importance of securely transferring data from client servers to ours. This transfer is facilitated through our secure upload site. Moreover, our client portal, which is accessed via an SSL-enabled website, provides up-to-date audit progress and ensures comprehensive data protection.
System Components Necessary for Service Provision
Our cloud hosting is managed through Microsoft Azure, where we operate our production environments for both client and employee applications, segregated by region (EU and US). These environments include web services, SQL Servers, and Azure AD for integrated user access control with Windows and Office 365. Access is meticulously managed through Azure AD, ensuring secure and controlled entry into our systems.
Our client-facing services are structured around an Upload Portal for data submissions and a Client Portal for ongoing communications regarding claims. We employ Softphone as our telephony solution, which integrates seamlessly with our custom software. Our systems operate on Microsoft Windows, and we utilize Microsoft SQL Server for data storage, Microsoft Visual Studio for application development, and Microsoft PowerBI for reporting, accessible through the Client Portal. Our original programming language was Delphi; we are transitioning from it to .NET and C# for modernization and improved efficiency.
Data Management and Security
Our operational integrity involves regular updates and backups. The personnel responsible for governance, operation, and use of our systems are organized as per our Organizational Organogram. We employ both automated and manual procedures to process data—standardizing, enriching, deduplicating, normalizing, and cleansing client data before it enters the auditing phase. The Audit department conducts detailed analyses, and our Customer Services department manages communication with clients’ suppliers.
Data is strategically stored in designated databases: Audit databases for client-specific data, Sysdata database for general data, an email database for correspondence, an archive for historical data, and client databases for invoices collected during audits.
This comprehensive approach ensures that Transparent Services BV maintains high standards of security and operational excellence, adhering to SOC 3 compliance throughout the specified reporting period.
