Questions and Answers

Common questions on rapidly changing compliance regulations

Get A Fixed Fee Quote Today Request a Free Quote

ISAE 3402, The International Standard on Assurance Engagements, was put forth by the International Auditing and Assurance Standards Board (IAASB), a standard-setting board within the International Federation of Accountants (IFAC). ISAE 3402 essentially becomes the new globally recognized standard for assurance reporting on service organizations.  As a result of the issuance of ISAE 3402, auditors now have the ability to use a globally accepted framework, whereas in the past, Statement on Auditing Standards No. 70 (SAS 70) was the de facto standard that was largely used. ISAE 3402, much like that of the U.S. SSAE 16 standard, requires management to provide a description of its "system" along with proving a written statement of assertion by management.

And much like SAS 70 and the SSAE 16 standard, ISAE 3402 reporting will result in the issuance of Type 1 or a Type 2 report by a service auditor.  If service organizations decide to utilize the ISAE 3402 framework for reporting on controls, they should seek out a well-qualified CPA firm to assist in these matters. Additionally, an ISAE 3402 Readiness Assessment should be undertaken for ensuring service organizations are aware of the changes necessary for complying with the ISAE 3402 standard.  Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

Additionally, you can visit the ISAE 3402 Resource Guide, developed by NDNB Accountants & Consultants, to learn more.

Since 2006, NDNB has been setting the standard for security & compliance regulations