Should your technology partner have ISAE 3402 accreditation?
Most companies are outsourcing a large percentage of their services and systems for several years now. The as-a-Service phenomenon is hardly new, it’s just been given a fresh lick of paint with the technology brush, becoming incredibly popular due to its ubiquity and accessibility. Companies prefer to use service providers to manage the essential minutiae of the daily business because they’re better at it. This trend is, according to Ernst & Young, also being driven by increased globalisation and the need for standardised business processes.
However, within the increase of outsourced, third-party service lies risk. There is risk in terms of regulatory frameworks, compliance, and procedures. There is a need for the organisation to work with technology partners that understand the value of accreditations such as ISAE 3000 SOC2 and ISAE 3402, like ETZ Global.
What value does ISAE 3402 offer?
The same Ernst & Young analysis mentioned earlier – Implementing and Maintaining ISAE 3402 – defines this accreditation as: ‘…assurance engagements undertaken by an auditor to provide a report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities’ internal control as it relates to financial reporting’.
It’s a mouthful, but in layman’s terms, working with a company that has achieved ISAE 3402 accreditation’s means that your company is in a safe pair of hands. That you’re working with an organisation that recognises that there is risk and that has put significant controls and systems in place to ensure that this risk is minimised. It’s the lock and key and chain and security guard put in place by the third-party service provider that gives you assurance around your IT controls. The ISAE 3402 standard means that the controls presented by your service provider are fair, effective and aligned with the five trust principles of security, availability, processing integrity, confidentiality and privacy.
Developed by the International Standard on Assurance Engagements (ISAE) in 2009, the ISAE 3402 has been subsequently adapted over the years to provide a truly robust foundation for trust. The full standards can be downloaded from here and a more comprehensive definition as by the ISAE can be found here.
Where can I find an ISAE 3402 accredited company?
Right here. ETZ Global has completed its ISAE 3402 accreditation and is one a few companies that offers you all the benefits that this accreditation brings. As a service organisation with ISAE 3402, ETZ Global can provide you with a detailed description of our controls, how they were designed and their operational efficiency. It’s part of our service to our customers – working with us assures you of trust, transparency and superb compliance with leading governance and risk requirements.
To find out more about ISAE 3402 compliance and auditing, give us a call. We will walk you through the requirements, provide you with tangible insights that will help you assess the relevance to your organisation, and show you how it has benefited our existing clients today.