Provide confidence with an ISAE 3402 certification

ISAE 3402 is a global standard used by companies when they outsource their financial information or IT operations to another organization. For example, when a company outsources its financial administration to another service provider or when a financial institution outsources its IT infrastructure to an external provider. With an ISAE 3402 you show that you properly control and protect the (financial) information in outsourced activities.

‍

• Your customers will increasingly ask for it
• External parties or clients may/demand that your outsourced processes be audited when you cannot demonstrate this with a certificate
• You stand out from your competitors
• You show that your organization complies with legal obligations, such as the AVG, Financial Supervision Act (Wft), Pension Act (PW) and DNB regulations

You can compile the control framework of the ISAE 3402 statement yourself. However, this requires knowledge of the standard. In fact, it is common to include a number of components such as:

• Description of the organization and risk management framework
• Control matrix with financial and general IT Controls
• Description of management objectives and associated management measures
• Management objectives aligned with the user organization's financial statements
• Measures to ensure compliance with ISAE 3402 reporting criteria

‍

Implementing the ISAE 3402 statement is quite a challenge. Fortunately, our experts can help you with that. Because of our experience in information security and implementing management systems, we can guide your organization efficiently. Moreover, we partner with all Certifying Bodies (CIs) in the Netherlands. This ensures direct and fast communication to support you even better before, during and after the process. See also our about us page.