This includes
ISAE 3402 is a global standard used by companies when they outsource their financial information or IT operations to another organization. For example, when a company outsources its financial administration to another service provider or when a financial institution outsources its IT infrastructure to an external provider. With an ISAE 3402 you show that you properly control and protect the (financial) information in outsourced activities.
Why ISAE 3402
- Your customers will increasingly ask for it
- External parties or clients may/demand that your outsourced processes be audited when you cannot demonstrate this with a certificate
- You stand out from your competitors
- Je laat zien dat je organisatie voldoet aan wettelijke verplichtingen, zoals de AVG, Wet Financieel toezicht (Wft), Pensioenwet (PW) en DNB regelgeving
What to expect from the implementation process
You can compile the control framework of the ISAE 3402 statement yourself. However, this requires knowledge of the standard. In fact, it is common to include a number of components such as:
- Description of the organization and risk management framework
- Control matrix with financial and general IT Controls
- Description of management objectives and associated management measures
- Management objectives aligned with the user organization's financial statements
- Measures to ensure compliance with ISAE 3402 reporting criteria
Het implementeren van de ISAE 3402-verklaring is best wel een uitdaging. Gelukkig kunnen onze experts je daarbij helpen. Door onze ervaring in de informatiebeveiliging en het implementeren van managementsystemen kunnen wij jouw organisatie efficiënt begeleiden. Bovendien zijn wij partner van alle Certificerende Instanties (CI's) in Nederland. Dit zorgt voor directe en snelle communicatie om jou nog beter te ondersteunen voor, tijdens, én na het proces. Zie ook onze over ons pagina.
Frequently Asked Questions
The cost of performing an ISAE 3402 implementation depends on several factors, such as the scope of the report, the number of processes to be audited and the support required. Would you like to know exactly what it costs? We will provide a quote without obligation. Feel free to contact us and we will be happy to help you.
ISAE 3402 focuses on financial processes in outsourced (IT) operations. This is in contrast to SOC 2, which focuses only on information security and privacy. In addition, ISAE 3402 allows the organization to set its own management objectives, whereas SOC 2 uses predetermined management objectives.
- ISAE 3402 Type 1 reports on policies and process descriptions with one measurement point (photo capture).
- ISAE 3402 Type 2 reports on the operation of measures for a minimum period of six months (video recording).
When it comes to information security, ISO 27001 is the most widely used standard. With increasing digitalization, an ISAE 3402 statement is also increasingly being requested. Fortunately, much of ISO 27001 is covered by ISAE 3402. It can therefore be convenient to combine both implementation processes to save time and safeguard your organization's internal and external processes.
ISAE 3402 and SOC 1 are similar. Such a report is called ISAE 3402 in Europe and SOC 1 in the United States.
An IT auditor (RE) specializes in conducting IT audits and assessing organizations' information security measures. The abbreviation "RE" stands for Registered EDP auditor. This refers to the former designation of this position. It is a protected title that may only be used by individuals who meet the specified requirements.
You will receive the whitepaper in your mailbox within minutes!
Why Fendix?
Getting started with ISAE 3402
Wil je aan de slag met ISAE 3402? We kunnen je op meerdere manieren helpen. Zoals een GAP-analyse voor inzicht in wat je moet doen voorafgaand aan je implementatie of een begeleidend of ontzorgend implementatietraject.
We have already helped these organizations
.png)
Schedule a no-obligation telephone intake today
What to expect.
We will contact you within one business day!
