Planday – ISAE 3000/SOC 2
Planday has successfully achieved an ISAE 3000|SOC 2 statement, which demonstrates Planday's commitment to its customers and other stakeholders regarding the importance of data privacy and the value of information and cybersecurity in its strategy, governance, and day-to-day operations.
"Building a sustainable relationship with our assurance partner, who could advise us on best practice, was critical to achieve our information and cyber security goals. Certicus’ professionalism and in-depth industry knowledge helped Planday to enhance the trust, integrity and reliability of its security controls."
– Sharon Langer, Planday
"The cooperation with Planday was, despite the challenges that Covid-19 posed, very productive. All stakeholders had the drive and focus to contribute to the process, which resulted in an efficient and effective audit. I look forward to working with Planday on the coming audit period and the other periods that will follow in the future."
– Freek Klaasen, Certicus
Planday is a technology platform that helps customers build an employee schedule faster by taking into account staff vacation, availability and payroll costs. Planday operates across Europe, the UK, and the USA, has more than 225 employees, and is driven by a growth-centric business model, so it was important to look at obtaining the ISAE 3000 assurance report.
Achieving ISAE 3000|SOC 2 is a demonstrable commitment from Planday to its customers and other stakeholders about the importance of data privacy and the value of information and cybersecurity in its strategy, governance, and day-to-day operations.
For example, many of Planday’s customers are Kommunes, the political jurisdictions in Denmark. Kommunes require that their third-party suppliers demonstrate that independent controls are in place for IT security and validate the integrity of systems to ensure the confidentiality and privacy of the information processed by that system.
Certicus ltd. is an international assurance provider with activities in the European Union (Germany, France, the Netherlands, Denmark, and Belgium), the United Kingdom, and Japan. Certicus is a spin-off from Conclude Accountants BV in the Netherlands and operates under Dutch law. Certicus focuses on performing ISAE 3402|SOC 1 and ISAE 3000|SOC 2 engagements efficiently and advising proactively during the whole process.
The first SOC 2 Type II audit, completed after the assessment and implementation process, faced a challenge right from the start: Covid-19. The main offices of Planday are located in Denmark and the United Kingdom, while the auditors of Certicus ltd. are mainly located in the Netherlands. Because of Covid-19, traveling to Planday was not an option, so both organisations had to look for the best alternative to continue the SOC 2 audit. A remote audit using collaborative software was the solution that made the communication and assurance process the best it could be in this unique period.
Despite the assurance process being completed remotely, communication between Planday and the auditors went naturally, which was a great motivational factor in the auditing process. In all interviews performed during the audit, Planday’s team presented themselves as motivated, enthusiastic, and open to making time to contribute to the audit. Every level of Planday’s organisation was involved in the audit, which made it a very diverse and informative audit testing process. The result was an efficient and effective audit.
Solution & results
The result was an efficient and effective SOC 2 audit, through which Planday could offer assurance to its clients that it had information security controls in place when processing the clients’ data. The new audit period has started for the current year and both teams are looking forward to meeting each other in person, which will hopefully happen later this year.