Blogs

Blogs

BIT provides support with ISAE 3402, ISAE 3000 and SOC 2 certifications

03-11-2020 09:41:28

BIT provides support with ISAE 3402, ISAE 3000 and SOC 2 certifications

Organisations can outsource important business processes that are not part of their core business to an external party (service organization). However, these user organisations do retain ultimate  responsibility for the internal control of those processes. In order to give the user organization assurance that there are sufficient control measures in the field of security, the service organization can choose to have an ISAE 3402, ISAE 3000 or SOC 2 audit performed. BIT can support these organisations in meeting the requirements for their certification.

ISAE 3402, ISAE 3000 and SOC 2

ISAE 3000 and ISAE 3402 are standards of the International Federation of Accountants (IFAC). These standards are used to provide certainty about an outsourcing.

ISAE 3402
International Standard on Assurance Engagements 3402 - Assurance reports on control measures at a service organization.

ISAE 3000
International Standard on Assurance Engagements 3000 - Assurance other than audits or reviews of historical financial information.

SOC 2
Service Organization Control 2 - An alternative to ISAE 3402 is SOC 2. The primary assessment framework is not outsourcing, but information security.

Support with certification requirements

We can help customers by providing support with their ISAE 3402, ISAE 3000 or SOC 2 questions. Our security officers can answer specific questions and if desired, certain matters can be observed on location. In this way, we have already helped many customers to meet their certification requirements.

Subjects that usually come up during these types of conversations are:

- monitoring the 'environment';

- facilities for physical security;

- performing maintenance and results thereof;

- access control;

- valid certificates.

Monitoring of the environment
For the monitoring of the environment, such as temperature, humidity and water detection in the data centers, procedures for following up anomalies must be in place. We can evaluate that proper monitoring is in place and when follow up action has been taken.

Physical security
We can work with you to evaluate how physical security is arranged in and around our data centers and provide a clarification of the process. We will show you how our emergency power supply, biometric access control, burglary protection, camera security, fire detection and extinguishing is arranged.

Execution of maintenance
You will be given access to the overview of performed and to be performed maintenance moments.

Access control
BIT has access control based on biometrics and access cards. This control makes sure that people can only enter areas to which they have been granted access. You have insight into who has had access when and to which space. This data is also available to our customers via our customer portal. It is also possible that you provide us with an authorisation schema which indicates who may request certain changes. You have access to this, in case you want to verify that we adhere to it.

Valid certificates
You can view certificates and declarations of applicability and also be given commentary and clarification about these matters. BIT has ISO 27001 and NEN 7510 certificates for information security. We have
deliberately chosen to declare the entire service provision in scope.



By: Kristian de Bruijn