Rients van Blanken
Security Consultant
With an ISAE certification, you demonstrate that the confidentiality of client information and processes in your organization is properly safeguarded. To receive the certificate you will need to implement and maintain an information security policy. Nestor Security supports you in implementing, auditing and maintaining your ISAE information security policy.
ISAE 3402 / 3000 services:
- ISAE 3402 / 3000 implementation
- Internal Audit
- ISMS management
Implementing ISAE? Our consultants will guide you through this process. Before we start the implementation, we perform a baseline measurement, in which we check whether an information security policy is present and whether it is current. Through an analysis we identify the important risks and determine which improvements need to be made. So that you can apply the standards from ISAE 3402 or ISAE 3000 in the future, our auditor helps to establish an Information Security Management System (ISMS). The implementation is aimed at having your organization do as much as possible itself. That way it is easier to maintain the ISMS and achieve a positive result in the certification audits.
With an internal audit, we check whether your ISMS is still up to date. This is necessary to keep information security current and to prepare for recertification. All our audits are performed under the supervision of a certified auditor. With a risk analysis we identify the points that are important for your organization at that time. As a result, you will receive an audit report with points for improvement. Need help applying these improvements? Our consultants will support you so that you are optimally prepared for your next certification.
In total, our consultants have conducted more than 1,500 internal audits.
Do you have an ISAE certification? If so, you want to maintain it. To do this, you must comply with the information security policy that has been drawn up and keep it up to date. You can outsource this to us by using our ISAE management service.
When you use ISAE management, you no longer have to worry about your certification. We take compliance with, and updating of, your information security policy off your hands.
Among other things, we provide:
Is working to the ISAE standard mandatory?
For companies working with a financial institution, whose service affects the client's financial process, an ISAE 3402 statement is required by law.
How do I obtain ISAE certification?
To demonstrate that your organization complies with ISAE, you can request a statement after implementation. You obtain an ISAE statement by having your information security audited by a certified auditor. Enshore Security helps you implement the ISAE so that your organization meets the points that the auditor checks.
What does the implementation process look like?
The guidance begins with a kick-off to go through the implementation process. This ensures that your employees can continue to do their work normally, without experiencing inconvenience. After the kick-off, the process starts with a baseline measurement to gauge your organization's information security. A policy is drawn up based on the baseline measurement. This contains the measures that must be taken to bring your ISMS up to ISO standards. Then the implementation of the operational measures with which we increase information security starts. This is carried out independently by your organization and monitored by us in subsequent appointments. Afterwards, the implementation is checked by means of a self-assessment. Once the self-assessment has been completed with a positive result, you can apply for your audit at any certifying body to receive your certificate.