ISAE 3000 Statement of Assurance

Henrik Szokody - Globeteam

Feel free to contact me if you want to hear more


Have your GDPR Compliance approved

Data processors often find that clients ask for an ISAE 3000 statement of assurance as documentation of the fact that they comply with GDPR. Globeteam’s consultants can help you structure and carry out an efficient process. 

As a data processor or sub-processor, can you document that you comply with the requirements of GDPR on data protection and IT security and that you are a credible collaborative partner? 

It is typically your clients who bear the responsibility for you handling personal data correctly, and, therefore, they will increasingly set requirements about you being able to document your IT security and GDPR compliance. If you deliver to public authorities, the requirement on documentation is written into most data-processing agreements. 

The easiest way to document that the security surrounding your delivery complies with the current GDPR law is to include it in a statement of assurance – a so-called ISAE 3000. This is used by data responsibles to cover use of data processors and sub-processors.


The advantages of an ISAE 3000 GDPR statement

 With an ISAE 3000 GDPR statement from an accountant, you can:


Globeteam’s consultants ensure an efficient process

The work involved in establishing security procedures, controls and measures can quickly become extensive and resource-demanding, especially if you do not know precisely what an accountant focuses on in its assessment.  

Globeteam offers to help you through the entire process towards an ISAE 3000 GDPR statement, and we can also ensure an annual renewal of the statement of assurance so that you continue to be at the forefront with GDPR. 

Our consultants have over 25 years of experience within IT revision and IT security work from the large accountancy firms, among others, and have reviewed formalised courses within information security and data protection and/or are certified in these areas. In addition, they have previously made this type of statement of assurance themselves, so they really do know the ins and outs of the requirements. 

Among others, our national and international courses/certifications include:  

This means that we can help you to reach your goal faster in less time and with less resources. We know what an accountant is looking for, and which minimum requirements have to be complied with in order to have an ISAE 3000 GDPR statement. We cut to the bones of the task and, at the same time, optimise your security costs and security setup. 

Of course, we can work with an accountant of your choice or recommend a partner in the accountancy business.  


This is how we tackle an ISAE 3000 GDPR project

We create an overview of which activities have to be carried out in order to get the statement, and we take responsibility for the work itself by establishing and documenting processes and workflows for how you have to manage, store and handle data. 

An end-to-end project contains the following steps: