The International Standard on Assurance Engagements (ISAE 3000), as developed by the Global Reporting Initiative G3 Sustainability Reporting Guidelines, is, once you’ve waded through the capital letters and acronyms, the definitive standard for SOC 2 reporting. SOC 2 was developed by the American Institute of CPAs (AICPA) and defines how an organisation manages user data against five criteria: security, availability, processing integrity, confidentiality and privacy. The resulting reports are unique to each organisation and are governed by the ISAE 3000 principles to ensure ethical and reliable compliance.
There is some confusion between ISAE 3000 SOC 2 and ISO 27001, so much so that PwC recently released a report explaining the difference between the two. ISO 27001 has long been seen as the benchmark in information security, but the arrival of the SOC 2 framework has introduced new layers of information security assurance. ISAE 3000 SOC 2 is defined by PwC as ‘allowing for the testing of the operating effectiveness of security controls over a period’.
Great, but what IS ISAE 3000 SOC 2?
If an organisation, like ETZ Global, is ISAE 3000 SOC 2 accredited, then you are assured of reporting and compliance across the five Trust Principles of Security, Availability, Processing Integrity, Confidentiality and Privacy. These principles have been developed in alignment with the need for security – security is the only one of the five principles that is mandatory – and to ensure that organisations receive a formal attestation at the end of the audit process. It’s more than just the certificate of compliance provided by ISO 27001.
The ISAE 3000 SOC 2 report ensures that any service organisation you work with has complied with the requirements and keeps your data private and secure. This means that any data or processes you outsource to a service provider holding this formal attestation are handled to the highest standards of security, compliance and care. In a climate where regulations such as POPIA and GDPR are becoming increasingly rigorous and are accompanied by increasingly high fines for non-compliance, this level of accreditation is a critical layer of assurance for the organisation.
In short, ISAE 3000 SOC 2 certification gives you certainty in an uncertain world. And that’s something everybody needs right now.
Where can I find an ISAE 3000 SOC 2 accredited company?
Right here. ETZ Global has just completed its SOC 2 Type II accreditation and will very likely be recertified in 2021. The accreditation ensures that we are audited and assessed to incredibly high standards, so that your company is assured of our compliance and of the protection of your information. We’ve used BDO as our auditors, a company with a sterling reputation in the market for rigorous testing and ethics.
To find out more about ISAE 3000 SOC compliance and auditing, give us a call. We will walk you through the requirements, provide tangible insights to help you assess its relevance to your organisation, and show you how it benefits our existing clients today.