Skip to main content
risk advisory

Risk advisory

ISAE 3402

ISAE 3402

Implementing ISAE 3402 requires effective planning, leadership involvement, a thorough analysis of processes and reliable resources, and project management.



An ISAE 3402 project typically starts with an implementation phase in which the SOC report is prepared. The overall success of an ISAE 3402 project is highly dependent on the alignment of the service organizations’ control objectives and framework to the needs and requirements of all stakeholders.

Advisory based

In this proposal, we have prepared two alternatives for the advisory services. Option I is prepared based on the advisory request in the RFP and consists of 16 hours to review the ISAE 3402 & advise on documentation provisioning for audit purposes.

Control based

Option II is prepared based on the number of controls and our experience in the pension administration industry. A typical pension administration organization in the Netherland has typically 300 controls. Our experience in the pension administration industry is that pension plans and formal procedures relating to these, including the PensioenWet (PW), bring a level of complexity that controlling these procedures justifies this number of controls.


Of course, we will always strive to minimize layered on controls and seek efficiency, however, providing a realistic view leads to a more sustainable relationship in our opinion.

The global standard for controlled outsourcing