More and more companies make the strategic decision to outsource part of their business processes (from HR and logistics to IT and administration) to specialised service organisations. Some of these processes are of such importance that the customer requires certainty or Assurance about the quality of the services provided. If you are a service-providing organisation, you can therefore distinguish your organisation from its competitors by proactively providing accountability for your services. Our IT auditors are familiar with practically all (inter)national Assurance standards and would be happy to help you with any Assurance matters.
Assurance reports ISAE3402, SOC and SOC2
In order to provide Assurance, your service organisation needs a report that describes the risk management and internal control regarding the specific services. Depending on what your organisation wishes to provide accountability about, different kinds of reports are possible.
- ISAE3402, comparable to SOC1 reports, are drawn up in aid of the audit of the annual accounts of your clients. This report allows your clients’ accountant to weigh the quality of your services in the context of their audit of the annual accounts. The scope of this report is therefore limited to what is relevant for the audit by the accountant.
- A SOC2 report is intended to provide a wider scope of Assurance to your clients, regarding the quality (e.g. security, continuity or integrity) of your services.
- SOC for cybersecurity is intended to provide accountability about the cybersecurity program of your service organisation, in order to build trust with your clients, in this specific area.
- The Privacy Control Framework is a Dutch standard for providing Assurance to clients and other stakeholders regarding the level of privacy control within your service organisation.
Advisory and audit
Baker Tilly is your perfect partner for any issues concerning Assurance. We can help you draw up the initial reports and prepare your organisation. We can also carry out a preliminary assessment to determine your organisation’s current position. In addition to such advisory services, we can of course also perform the actual audits required to provide the certificate , in our role as independent auditors.