ISAE 3402 | SOC1
The global business environment is changing rapidly. Global outsourcing will increase manifold in the coming years. New delivery and supply chain models are being developed. Technologies evolve at a rapid pace, and regulatory requirements are more global and constantly in development. In this global environment, organizations are looking for means to establish an effective and efficient outsourcing environment for their business. Third-party reporting frameworks such as ISAE 3402 | SOC 1, ISAE 3000 | SOC 2 and the SOC cybersecurity frameworks are gaining widespread acceptance and becoming the standard for trusted business.
Outsourced processes being demonstrably 'in control' implies that the processes are designed properly to cover all financial risks, that the described controls are in place and that these controls operate effectively during a predefined period. Information security should be organized adequately, and sufficient measures should be taken to prevent fraud. An external auditor performs an audit on the ISAE 3402 SOC 1 report and provides assurance on this report. In the next column, the next steps to acquire a SOC 1 report are described.
A Service Organization Control (SOC) report is a term from the United States for reporting on the internal control of a service organization. A SOC 1 report contains a description of the risk management organization, the internal control system and the information security measures. Usually, a SOC 1 report includes a general description of the internal control system and a control matrix (CM), which in turn includes detailed internal control measures.