ISO/IEC 27001:2013 is a standard for security management that specifies best practices for security management and comprehensive security controls according to the ISO/IEC 27002 guidelines for best practices. The foundation of this certification is the development and implementation of a rigorous security program, including the development and implementation of an Information Security Management System (ISMS). Requests for a copy of the ISO certificate and the statement of applicability can be sent to compliance@ccs.nl.
The ISAE 3402 report pertains to the financial world and aims to demonstrate that outsourcing processes are adequately managed. Furthermore, ISAE 3402 reports are increasingly required by accountants of user organizations. The accountant auditing the financial statements of the user organization will need to review processes that are outsourced by this organization. Processes performed by a service organization often impact financial and operational processes that affect the financial statements of the user organization. If a service organization has an ISAE 3402 report, it is not necessary for the user organization's accountant (user auditor) to audit processes, as these have been audited by another external accountant, the service auditor.
