Our approach comprises of an intensive automated audit workflow based on our SOCassurance™ solution, continuous improvement of your and our processes and customer excellence in everything we do. This approach is summarized in the underlying figure.
ISAE 3402 | SOC 1 and ISAE 3000 | SOC 2 are the most important international datacentre standards in use today. ISAE stands for International Standard on Assurance Engagements. ISAE 3402 is the standard for (financial) outsourcing and ISAE 3000 is the standard for non-financial information and if for an ISAE 3000 assurance engagement SOC2 is applied, more specifically the General IT Controls of an organization.
ISAE 3402 | SOC1 and ISAE 3000 | SOC2 govern the way organizations report on their various compliance controls. These reports usually come in the form of a Service Organization Control (SOC) report, which provides the information needed to accurately evaluate the risks and test risk controls associated with outsourced vendors. ISAE 3000 and ISAE 3402 reports provide the attestations of compliance with defined criteria. These defined criteria vary from the processing of financial data to IT governance and control of IT systems specifically.
The core attributes of our approach are efficiency and minimizing the disruption of operational processes during the audit procedures. This requires effective planning and open communication with Capgemini during the planning phase, throughout the entire engagement and particularly during the reporting and audit phase. Our approach is focused on delivering quality throughout the entire process and is subject to the Conclude Accountants quality standards. This ensures adequate stakeholder involvement at the appropriate level.
Audit program & planning
PBC and selections
Testing activities
Audit findings & management