What does an ISAE 3402 audit provide?
Do you receive questions from your customers or other parties to prove that you manage your most important IT risks that are important in the context of the financial audit (annual accounts)? Qbit supports you by conducting an IT audit under ISAE Directive 3402, in order to prove you meet the controls that you and your customers consider important.
By means of an ISAE 3402 audit you can prove that you have implemented controls to manage the risks related to your services that are relevant for the annual accounts of your customers.
The design of an ISAE 3402 audit
Our approach starts by determining which standard or control framework is suitable for your situation. We align with control frameworks that are common in your industry, such as Cobit or ISO 27001. We also offer standard control frameworks such as audits based on the ICT security guidelines of the NCSC or NIST.
Together we determine the scope of the audit: the object of the audit and the desired depth (design or operational effectiveness). For efficiency and to put you in control, you carry out a self-assessment. This gives you insight into the extent to which you meet the selected controls. We assess the selected controls, preferably based on evidence provided by you. Another core value in our approach is that, along the way, we inform you about findings and necessary improvements. A Qbit audit gives you insight into your improvement potential.
We believe that an assessment of the technical controls should be part of the audit. Our Certified Ethical Hackers test the relevant technical controls. If necessary, we support you to structurally solve the detected vulnerabilities.
The audit is carried out by Qbit’s qualified auditors (RE and/or CISA).
The benefits of an ISAE 3402 audit by Qbit:
- We translate the need for assurance from the viewpoint of your customer
- One single point of contact for all steps
- Qbit shows how the annual audit is more than just an obligation