International Standard on Assurance Engagements 3402 (ISAE 3402) is an international assurance standard that describes Service Organisation Control (SOC) engagements. Certification can be obtained following an audit by an external party, typically one of the Big 4 accounting firms (EY, Deloitte, PwC, KPMG).
The auditors write a report and award the certificate if the service organisation is found to have adequate internal controls. The auditor’s report may provide a snapshot of the current situation, in which case the service organisation can obtain an ISAE 3402-I certificate. However, if the report covers a period of time (typically 12 months), showing how controls have been managed over time, the service organisation can be awarded an ISAE 3402-II certificate.
For the customers who outsource part of their business processes to these service organisations, ISAE 3402-II certification gives assurance on key questions that arise in outsourcing situations, including: Are services executed in a controlled manner? How is security dealt with? Who has access to the information? Are sufficient anti-fraud measures present?.
Vartion’s ISAE 3402-II certificate gives customers peace of mind on all these outsourcing risks. We realise how highly sensitive the data is that customers entrust to us. That’s why ISAE 3402-II is a big deal for them – and for us. We’re proud and delighted that we can demonstrate to them that their data is treated with the utmost care. And it’s also a great recognition of our quality, our immaculate practices and the hard work and dedication of our team.