THIRD PARTY ASSURANCE
In today's global economy, companies must comply with ever-expanding regulations at the international level. Due to various industry regulatory and risk standards, organizations are increasingly required to demonstrate adequate controls and security of their clients' data, which means that a trusted auditor is more important today than ever before.
For our clients, we perform third-party assurance of the services provided, or we confirm the setup of their established control procedures. We deliver to our clients the conclusions of the verification of their own control procedures or those of their supplier. We always base our assessment on an understanding of the organisation's environment, so that conclusions are prepared as efficiently and effectively as possible.
Our third-party assurance services specialists can offer companies services in accordance with applicable professional standards while meeting the requirements of the third-party service client.
ISO 27001 focuses on the development and maintenance of an ISMS (information security management system), which is an overarching method for managing data protection practices. To achieve this standard, you need to conduct a risk assessment, identify and implement security controls, and periodically review their effectiveness.
ISAE 3402 is a third-party assurance mechanism (primarily for suppliers) in the form of SOC (Service Organisation Controls).
SOC refers to assurances of controls that could have an impact on the financial statements.
SOC 2 refers to assurance of IT controls. It includes five basic criteria according to which the assessment is performed.
SOC 2+ is an extended assurance of IT controls. It contains 4 added criteria over SOC 2.
It also concerns assurances of IT controls. However, unlike SOC 2, these reports are usually not detailed, and they are rather general. In most cases these reports are freely available to the public.