ISO 27001 & ISAE 3402 Certification
About ISAE 3402
The “International Standard on Assurance Engagements” (ISAE 3402) is the international testing standard which assesses the effectiveness of the internal control system (ICS) of service organizations. The aim of ISAE 3402 is to comprehensively test the internal control system of an organization and to evaluate its effectiveness in detail. There are two types of Service Auditor’s Reports: Type I and Type II.
A Type I report presents the service organization’s description of controls at a specific point in time (e.g. June 30, 2012). A Type II report includes the opinion of an external auditing organization regarding the control processes of the service provider, a description of the control points, the test method and checks, information concerning the test period, and a statement about the effectiveness of the controls. The audit is carried out over a period of six months (e.g. January 1, 2012 to June 30, 2012).
ITSDONE has been conducting these reviews to present an unbiased, independent view of its internal control systems.
About ISO / IEC 27001
A further step was taken by attaining ISO 27001 certification. ISO 27001 is the international standard for Information Security Management Systems (ISMSs).
From a practical point of view, the main benefits are twofold. First, implementing an ISMS according to the ISO 27001 standard improves your information security. Second, becoming certified proves to interested parties, such as customers, employees, shareholders and suppliers, that the organization is committed to keeping their data secure.