What is an ISAE 3402?

The ISAE 3402 standard provides assurance to clients that the service organization has appropriate controls in place. The Type I report provides a description of the service organization’s systems and controls, which is supported by a management assertion and an auditor’s description of the correctness of the description as well as whether the controls have been put into operation. The Type I report also includes an assertion and an auditor’s opinion on whether the controls are designed in such a way that control objectives can be achieved.

Primary responsibilities of the service organization related to ISAE 3420 I

The Type I report provides a description of the service organization’s systems and controls, which is supported by a management assertion and an auditor’s description of the correctness of the description as well as whether the

A service organization has five primary responsibilities under the ISAE 3402 standard:

1. Present a complete and accurate description of the internal control framework.
2. Specify the control objectives.
3. Identify the risks that threaten achievement of the control objectives
4. Design, implement and maintain controls to provide reasonable assurance that control objectives will be achieved.
5. Provide a written assertion that accompanies the description on completeness and accuracy of the information provided.

Why complying with ISAE 3402?

By complying with the ISAE 3402 standard, it is possible for ComplianceNow as a software and hosting provider to assure our clients that their data and system operation are in good hands.

Follow us on LinkedIn and get instant access to our newest articles and posts about SAP and Compliance.