Assurance Audits

ISAE 3000 of ISAE 3402

... > Audit and Assurance > Assurance Audits

ISAE 3000

The ISAE 3000 standard is generically applicable to a wide range of issues, such as certainty about cloud hosting and data processing. Examples of possible evaluation targets are:

  1. Information security management systems for organizations in healthcare, industry, banking, government, etc.
  2. Cloud hosting and processing facilities
  3. Operating systems and various types of software applications involved in the secure handling of information.

The delivered Assurance Report could provide you with international recognition of the security status of your organization or developed products. Furthermore, you receive an independent qualified opinion of an expert that helps you to improve your security level in the organization, for your products and/or your services. Assurance Reports are signed off by a certified auditor.

Depending on the depth of the assessment, assurance reports can be split into:

  • Type I: A Type I Assurance Report will provide assurance on the general suitability of the design and the existence of security controls according to the identified criteria.
  • Type II: A Type II Assurance Report will provide an opinion about the design and security controls during a certain period.

ISAE 3402

The ISAE 3402 standard is applicable to service organizations that provide outsourcing services which impact the financial reporting of their clients. These services may include data processing, hosting services, customer support, human resources, and finance and accounting, among others.

If your company is a service provider and your services are used by other companies (your clients) in the production of their financial statements, then your company would likely need to provide an ISAE 3402 report.

The report would provide assurance to your clients, and their auditors, that you have adequate controls in place to protect the data and systems they are outsourcing to you. It would also provide assurance that your company is not posing any material misstatement risks to their financial statements.

ISAE 3402 is effectively the international equivalent of the US's SSAE 18 / SOC 1 reporting framework. The purpose of these reports is to provide assurance to user entities and their auditors regarding the controls at a service organization that are relevant to a user entity's internal control over financial reporting.

ISAE 3402 also distinguishes between Type I and II and corresponds to ISAE 3000.



Assurance Services

Download the fact sheet for our Assurance Services



Are you interested in an Assurance Audit ISAE 3000 of ISAE 3402? Please fill out the form below, and we will contact you within one business day to help you raise your cyber resilience.



Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.