ISAE 3402 is an assurance standard put forth by the International Auditing and Assurance Standards Board (IAASB), a standard-setting board of the International Federation of Accountants (IFAC). Much like the AICPA SSAE 16 standard, ISAE 3402 represents a continued shift towards internally adopted and accepted accounting principles. Officially known as “ISAE 3402: The International Standard on Assurance Engagements, Assurance Reports on Controls at a Service Organization”, effectively becomes the new global standard on reporting on controls at service organizations, joining the AICPA SSAE 16 standard as the two (2) noteworthy platforms for such reporting purposes.
ISAE 3402 | International Standard | Description of System | Mgmt. Assertion
In prior years, a combination of region | country specific third-party assurance frameworks were used - such as the well-known AICPA SAS 70 auditing standard, Canada’s CICA 5970, and others - but that’s now changed significantly with the introduction of ISAE 3402, for which service organizations can opt for Type 1 and/or Type 2 reporting. Much like its American equivalent (i.e., SSAE 16), ISAE 3402 requires management to produce a description of its “system”, along with providing a written statement of assertion to the practitioner performing the engagement.
And much like the AICPA SSAE 16 standard - or any type of regulatory compliance assessment - ISAE 3402 reporting require service organizations to have documented operational, business specific, and information security policies and procedures in place.
ISAE 3402 Reporting | Importance of Security Policies | Download Today
Developing such material can be arduous and time-consuming, all the more reason to trust the experts at Flat Iron Technologies, LLC and the Global Information Security Compliance Packet (GISCP) containing hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.