ISAE 3402 | SOC1

Organizations that provide services that have no effect on their customers' financial statements can have these activities "certified" according to ISAE 3000. The organization describes its general IT controls (GITCs), and an external auditor provides an assurance statement on them. Such an audit is carried out in accordance with ISAE 3000. The standard framework for this audit can in such a case be the Trust Service Principles or a more generic standard framework, such as COBIT. If your customers are also located in the United States, it is recommended to have a SOC2 report drawn up in accordance with the Trust Service Principles.

ISAE 3402

ISAE 3402 is a guarantee that processes that are outsourced are demonstrably "in control". "In control" means that processes are executed properly, that information security is adequately organized and that sufficient measures are taken to prevent fraud. ISAE 3402 is increasingly demanded by financial institutions, listed organizations and professional companies. To become ISAE 3402 certified you need a Service Organization Control report 'certified' by an accountant. ISAE 3402 should not be confused with ISAE 3000.

SOC1 Report

A Service Organization Control (SOC) report is a term from the United States for reporting on the internal control of a service organization. A SOC report contains a description of the risk management organization, the internal control system and the information security measures. An ISAE 3402 (SOC) report usually includes a general description of the internal control system and a control matrix (CM), which lists the detailed internal control measures.

Outsourcing

Outsourcing can cover almost any process. The IT organization can be outsourced, but also, for example, the processing of financial processes or the credit management process. Organizations increasingly outsource (parts of) important processes. As a result of this outsourcing, important control measures (controls) can drop out of sight of the user organization's management, which can then exert less influence on how the outsourced processes are carried out.

Regulation

The ISAE 3402 standard was created because organizations and regulators had a greater need for insight into and control of outsourcing. As a result, supervisory authorities such as the Dutch central bank (DNB) and the Netherlands Authority for the Financial Markets (AFM), the government in general and possibly your customers also ask questions or set requirements with regard to reporting on the (control of) outsourced processes. These parties require a solid risk management framework, sound information security and transparency about both.

What is ISAE 3402 | SOC1?

The global standard for controlled outsourcing

About

Certicus is an international audit firm providing services to top-tier IT and financial services firms worldwide. We continuously explore the latest technology and adapt to follow the world's new trends to deliver the best assurance services to the market.