Assurance according to ISAE 3000
Assurance services are professional assessment services that
perform audits according to internationally accepted auditing standards
for assurance, such as ISAE 3000. The ISAE 3000 standard is
generically applicable to a wide range of issues, such as certainty
about cloud hosting and data processing.
The delivered Assurance Report could provide you with
international recognition of the security status of your organization or
developed products. That makes a difference! Furthermore, you
receive an independent qualified opinion of an expert that helps you to
improve your security level in the organization, for your products
and/or your services. Assurance Reports are signed off by a certified auditor.
Secura believes that providing an independent qualified opinion of an
expert gives comfort for the involved people and organizations, proves
compliance and addresses shortcomings or considers points for
improvement.
Depending on the depth of the assessment, assurance reports can be split into:
- Type I: A Type I Assurance Report will provide
assurance on the general suitability of the design and the existence of
security controls according to the identified criteria.
- Type II: A Type II Assurance Report will provide an opinion about the design and security controls during a certain period.
An Assurance service, can be executed for a very wide range of
target products and services, from various domains. Examples of possible
evaluation targets are:
- Information security management systems for organizations in healthcare, industry, banking, government, etc.
- Cloud hosting and processing facilities
- Operating systems and various types of software applications involved in the secure handling of information
When is ISAE 3402 relevant?
ISAE 3402 is applied in the case of outsourcing
where financial information is processed by a service organization. This
is also referred to as Service Organization Control report (SOC). The
assurance report is aimed at the management of the outsourcing
organization.
ISAE 3402 also distinguishes between Type I and II and corresponds to ISAE 3000
How can Secura help?
Secura can be your trusted partner for providing assurance on your procedures or product security controls. More specifically:
- We can guide you on how to select the most relevant assessment criteria for the assurance service;
- Perform Assurance Audits conducted
by registered and experienced auditors, based on the selected criteria.
This results in an official assurance report, the proof of your
compliance.
For more information, please refer to our fact sheet. We would like to discuss with you how we can best help you.