Assurance Audits (ISAE 3000 & 3402)

Cyber security compliance is becoming increasingly important because it is a means to demonstrate that the security of organizations, processes and products is properly arranged. This can be done through an assurance assignment; a cyber security study that draws conclusions about compliance with the well-considered set of requirements.

Assurance can give you international recognition of the security status of your organization or developed products.

Adobe Stock 206608597

Assurance according to ISAE 3000

Assurance services are professional assessment services that perform audits according to internationally accepted auditing standards for assurance, such as ISAE 3000. The ISAE 3000 standard is generically applicable to a wide range of issues, such as certainty about cloud hosting and data processing.

The delivered Assurance Report could provide you with international recognition of the security status of your organization or developed products. That makes a difference! Furthermore, you receive an independent qualified opinion of an expert that helps you to improve your security level in the organization, for your products and/or your services. Assurance Reports are signed off by a certified auditor.

Secura believes that providing an independent qualified opinion of an expert gives comfort for the involved people and organizations, proves compliance and addresses shortcomings or considers points for improvement.

Depending on the depth of the assessment, assurance reports can be split into:

  • Type I: A Type I Assurance Report will provide assurance on the general suitability of the design and the existence of security controls according to the identified criteria.
  • Type II: A Type II Assurance Report will provide an opinion about the design and security controls during a certain period.


An Assurance service, can be executed for a very wide range of target products and services, from various domains. Examples of possible evaluation targets are:

  1. Information security management systems for organizations in healthcare, industry, banking, government, etc.
  2. Cloud hosting and processing facilities
  3. Operating systems and various types of software applications involved in the secure handling of information


When is ISAE 3402 relevant?

ISAE 3402 is applied in the case of outsourcing where financial information is processed by a service organization. This is also referred to as Service Organization Control report (SOC). The assurance report is aimed at the management of the outsourcing organization.

ISAE 3402 also distinguishes between Type I and II and corresponds to ISAE 3000

How can Secura help?

Secura can be your trusted partner for providing assurance on your procedures or product security controls. More specifically:

  • We can guide you on how to select the most relevant assessment criteria for the assurance service;
  • Perform Assurance Audits conducted by registered and experienced auditors, based on the selected criteria. This results in an official assurance report, the proof of your compliance.

For more information, please refer to our fact sheet. We would like to discuss with you how we can best help you.

Fact sheets

Cybersecurity Assurance Services

Overview of our Cybersecurity Assurance Services

Download fact sheet file_download
Secura Contact Shape
Partners of Secura

Cybersecurity is more than technology alone. Secura collaborates with partners in compliance and risk management, integrated application security, privacy, IT- and internet law and certification.