Case

The first SOC 1 & 2 compliant Dutch Managed Service Provider on Azure

Meet the strict SOC 1 and 2 requirements when data is in the cloud

The strict SOC 1 and 2 standards are crucial for the confidence of organisations with high compliance requirements, such as banks, insurers and government, to be able to demonstrate that their data is in good hands. When their data is not on premises and they use the public cloud, this presents additional challenges. A managed IT service provider with SOC 1 and 2 in the public cloud takes that burden away and offers extra assurance and control.

Summary

Challenge

To improve the already high standards of security and compliance even more in both private and public cloud environments, Solvinity included Microsoft Azure in its annual SOC audit scope.

Solution

Through additional public cloud training and relevant Microsoft certifications, the Security & Compliance team has succeeded in mapping the best practices of the Solvinity private cloud to a public cloud environment.

Results

Solvinity became the first Dutch Managed Service Provider (MSP) with SOC for Azure, receiving glowing SOC 1 and 2 reports which led to increased trust from Solvinity clients.


Having an MSP deliver the SOC reports on Azure on top of Microsoft’s compliance reports assures organisations that their Azure environments are in very good hands and are managed in a secure and compliant manner.

A compliant infrastructure

The digital world is being increasingly regulated to protect sensitive personal information and prevent abuse. Some organisations only have to comply with general privacy legislation like the GDPR. Others are under more stringent supervision from government watchdogs. To satisfy the requirements of these institutions, organisations have to prove their client data is in good hands – even when their IT is outsourced.

This unique service in the Netherlands fits well with our experience of Solvinity: a thorough partner with an eye for innovative solutions.
Harry Tolsma
Technology Strategist - Microsoft Nederland

Getting SOC 1 and 2 for Azure

“At Solvinity, we have been SOC compliant for our Solvinity private cloud for close to a decade,” said Paul Cattermole, senior compliance officer at Solvinity. He continues: “But now that many organisations are discovering the scale benefits of the public cloud, we knew we had to expand our scope in terms of security and compliance.” Azure was a logical step in the public cloud, not least because of the partnership with Microsoft on the Azure Cloud Platform and as a Cloud Productivity Partner. This was quite a big challenge, because whilst public cloud wasn’t new to Solvinity, it was new from a compliance perspective. Solvinity’s public cloud team and Microsoft’s certification programs provided the knowledge and expertise to achieve this result.

The Security & Compliance team has made a conscious decision not to write specific controls for Azure environments, but to map its existing ways of working into the techniques of the public cloud. This approach allows Solvinity to design its processes to a point where, whether working with a private or public cloud, it’s confident they are in control.

A good example is access control for joiners and leavers. This is the basis for controlling who has access to which customer systems. This process is synced from the HR system into the Active Directory and then into the Azure Active Directory (AAD). “Our role-based access control checks were extended to include AAD groups for customer systems. So while we have extended into the public cloud, our general compliance controls stay the same,” Cattermole explains.

SOC reports to be proud of

In a hybrid world, it shouldn’t matter what system you work in. It comes down to one simple fact: an independent auditor needs to be able to make a judgment about whether you have your affairs in order. Public cloud increasingly offers advantages in cost efficiency and scale – but this can never be at the expense of security or compliance. And with Solvinity & Azure, it won’t.

Listen to this podcast about SOC 2 reports (Dutch)

With Azure and Solvinity, FRISS is supported in its global expansion to deliver a safe, secure, scalable solution to fight fraud and high risks for property and casualty insurers.
Christian van Leeuwen
Co-founder & CTO at FRISS
