ISAE 3000 Statement of Assurance
Have your GDPR Compliance approved
Data processors often find that clients ask for an ISAE 3000 statement of assurance as documentation of the fact that they comply with GDPR. Globeteam’s consultants can help you structure and carry out an efficient process.
As a data processor or sub-processor, can you document that you comply with the requirements of GDPR on data protection and IT security and that you are a credible collaborative partner?
Your clients typically bear the responsibility for ensuring that you handle personal data correctly, and they will therefore increasingly require you to document your IT security and GDPR compliance. If you deliver to public authorities, the documentation requirement is written into most data-processing agreements.
The easiest way to document that the security surrounding your delivery complies with the current GDPR law is to include it in a statement of assurance, a so-called ISAE 3000. Data controllers use it to cover their use of data processors and sub-processors.
The advantages of an ISAE 3000 GDPR statement
With an ISAE 3000 GDPR statement from an accountant, you can:
- Offer your clients a statement about the level of security as an expression of credibility and security in connection with the agreed delivery.
- Document a given security level which is a significant sales parameter and can be decisive for a client’s decision on choice of provider.
- Achieve internal awareness about IT security and which areas you might need to continue to work on.
- Ultimately, avoid damage to your reputation and the risk of fines as a consequence of security violations and a lack of compliance with GDPR.
Globeteam’s consultants ensure an efficient process
The work involved in establishing security procedures, controls and measures can quickly become extensive and resource-demanding, especially if you do not know precisely what an accountant focuses on in its assessment.
Globeteam offers to help you through the entire process towards an ISAE 3000 GDPR statement, and we can also ensure an annual renewal of the statement of assurance so that you continue to be at the forefront with GDPR.
Our consultants have over 25 years of experience within IT auditing and IT security work from the large accountancy firms, among others, and have completed formal courses within information security and data protection and/or are certified in these areas. In addition, they have previously prepared this type of statement of assurance themselves, so they really do know the ins and outs of the requirements.
Among others, our national and international courses/certifications include:
- Certified ISO/IEC 27001 Lead Implementer
- Certified in the Governance of Enterprise IT
- Certified Information Systems Auditor
- Certified in Risk and Information Systems Control
- Trained in GDPR/personal data protection
- Certified Data Privacy Solutions Engineer
This means that we can help you reach your goal faster and with fewer resources. We know what an accountant is looking for, and which minimum requirements have to be complied with in order to obtain an ISAE 3000 GDPR statement. We cut to the core of the task and, at the same time, optimise your security costs and security setup.
Of course, we can work with an accountant of your choice or recommend a partner in the accountancy business.
This is how we tackle an ISAE 3000 GDPR project
We create an overview of which activities have to be carried out in order to get the statement, and we take responsibility for the work itself by establishing and documenting processes and workflows for how you have to manage, store and handle data.
An end-to-end project contains the following steps:
- Establishing a project framework/objective: setting objectives, milestones, rules, overall task distribution and project finances and solution model.
- Carrying out a maturity assessment/gap analysis: identification of areas within the company that fulfil and deviate from the project’s objectives.
- Establishing and approving the project plan for solutions: if potential deviations in the maturity assessment have been identified, we establish a solution proposal.
- Carrying out a solution plan: the solution plan is carried out according to an agreed-upon task distribution between Globeteam and the client, and will also involve an accountant at relevant stages.
- Development of a statement of assurance: in collaboration with the client, we can develop a draft for the statement of assurance and coordinate the course of the project with the accountant up until having the signed statement.
- Project evaluation: a collective evaluation of the project’s fulfilment of objectives based on the project frameworks is developed along with a proposal on how to adjust the coming year’s project.