Introduction to Transparent Services BV’s SOC 3 Compliance Report
Transparent Services BV works at the intersection of data and finance: helping clients strengthen P2P controls, surface duplicate payments, and turn spend data into something they can actually act on. This report confirms our compliance with SOC 3 standards, specifically around the security and availability of our services under the Trust Services Principles.
Main Service Commitments and System Requirements
Security is built into how we operate. We apply ISO 27001 protocols across our own systems and those of our service providers, enforce segregation of duties, and require two-factor authentication for all information access, including web communications. Data transfer gets the same treatment: client data moves from client servers to ours through a dedicated secure upload site. Clients track audit progress through an SSL-enabled portal that keeps their data protected at every stage.
System Components Necessary for Service Provision
Our production environments run on Microsoft Azure, with EU and US regions kept separate. Each environment includes web services, SQL Servers, and Azure AD, which handles integrated access control across Windows and Office 365.
Client-facing services run through two touchpoints: an Upload Portal for data submissions and a Client Portal for ongoing claims communication. Telephony runs through Softphone, integrated with our custom software. Infrastructure runs on Microsoft Windows, with SQL Server for data storage, Visual Studio for development, and Power BI for reporting, accessible through the Client Portal. We’re mid-transition from Delphi to .NET and C#, which brings modernized architecture and better efficiency.
Data Management and Security
Systems undergo regular updates and backups. The teams responsible for governance, operations, and system use are structured according to our Organizational Organogram. Before data reaches the auditing phase, it goes through a processing pipeline, automated and manual, that standardizes, enriches, deduplicates, normalizes, and cleanses it. The Audit department then works on clean, reliable data. Supplier communications are handled by Customer Services.
Data lives in purpose-built databases: Audit databases for client-specific data, Sysdata for general operational data, a separate email database for correspondence, an archive for historical records, and client databases for invoices collected during audits.
