Contact Us

ISAE3402 Consultant

Looking for an ISAE3402 Consultant?

The International Standards for Assurance Engagements (ISAE) No. 3402 and Service Organization Control (SOC) reporting (aka SAS 70, which was replaced by Statement on Standards for Attestation Engagements (SSAE) No. 16 in the US). ISAE 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.

ISAE 3402 is an auditing standard to prepare a formal report on the design, implementation and operating effectiveness of the controls within a service organization (providing services to other user organizations).

A SOC2 report is similar but the SOC2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC1/ISAE3402/SSAE16 which is focused on the financial reporting controls.

There are two types of reports:

Type 1:

A Type I report describes the service organization’s description of controls at a specific point in time (e.g. June 30, 2014). In a Type I report, the service auditor will express an opinion on

  • whether the service organization’s description of its controls presents fairly, in all material respects, the relevant aspects of the service organization’s controls that had been placed in operation as of a specific date, and
  • whether the controls were suitably designed to achieve specified control objectives.

Type 2:

A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the service organization’s controls over a minimum six month period (e.g. January 1, 2018 to June 30, 2018). In a Type II report, the service auditor will express an opinion on the same items noted above in a Type I report, and

  • whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.

ISAE 3402 Control Areas

JSC Consultant can help you achieve ISAE3402.

Our approach is to start with a gap analysis which typically takes one day onsite and a day of reporting. This would lead to a project plan that we discuss and once agreed would run. The typical project runs for 3-6 months (elapsed time), but this of course varies depending on how many things you would need to implement to be compliant and this would be clear after the gap analysis.

We can help with all the things required to get to certification. Our normal engagement is to provide overall project management and ISAE3402 consultancy, risk assessment tool and facilitation, required documentation and internal audit. These are all typical deliverables that will help to significantly speed up the certification process as well as ensuring success during external audit.

Internal Audit Service

This service ensures you stay compliant and are ready for the external audit. You would effectively outsource the internal audit to us so you don’t have to spend time and money on training internal auditors or spend the time for employees doing internal audit.

Why chose JSC Consultant Solutions?

  1. We have specialised in the design and implementation of ISAE3402 and other management systems.
  2. Our vast experience in this field means that we can take you through to certification fast and help you stay certified – guaranteed.
  3. We achieve certification results with the least amount of effort from your organisation thus allowing your staff to focus on the core business.
  4. Our Senior Consultants are highly trained and approved to do assessment work for the British Standards Institution (BSI), which is one of the leading certification body. Hence, we have seen numerous management systems and knows what it takes to get certified.
  5. We are BSI Associated Consultant Platinum members which not only means we are trusted by BSI to deliver excellent consulting services, it also means we are able to offer our clients better lead times and discounts on training with BSI.
  6. Our consultants all have a business background and will ensure you get a management system that will support your business, not a system that supports a standard.
  7. We are client led and will always design a programme that fits around the client needs based on a thorough GAP analysis and risk assessment.
  8. We have many clients that will be happy to speak to you about their experience using JSC Consultant Solutions