"My relationship with Conclude Accountants / Risklane goes back some time. Both now and in previous projects, I have experienced the expertise, pragmatism and cooperation as very pleasant. Because we planned to achieve both the ISAE 3402 and the ISAE 3000 within one year, it was essential that we as partners could count on each other. The fact that Risklane / Conclude Accountants has established itself as a sparring partner during the implementation has helped us a lot. This partnership, in combination with the willingness to change, commitment, and motivation of all Axians employees involved, has ensured that we have been able to achieve this result within time and the budget.

A result that both Risklane / Conclude Accountants and Axians can be proud of!"

- Dennis van Hoof, Quality & Risk manager Axians

Summary

Axians is a dedicated ICT brand of VINCI Energies, specialized in IT solutions and services. They support a broad range of clients consisting out of private businesses, public organizations, government agencies, operators, and service providers. Axians offers a broad portfolio of IT solutions and services: business applications and data analytics, enterprise networks and digital workplaces, datacentre and cloud services, telecommunications infrastructure, and cybersecurity.

Axians uses the best technology for their clients to grow and compete in a constantly fluctuating market. People are more important than technology; the human touch is key for Axians.

Challenge

Organizations are increasingly outsourcing services and processes to service providers. Besides, the complexity of laws and regulations has increased. The outsourcing organizations remain responsible for their data and services. This caused a significant rise in the popularity of assurance reports that can provide reasonable assurance that service organizations are in control of their risks. Due to the fact that Axians is constantly striving to supply their clients with qualitative reliable services with the lowest possible risks, it is even more important to implement the ISAE 3402 | SOC 2 Type II report.

The biggest challenge Risklane faced at Axians was to separate the structures performed on a European or global scale, and which processes were performed within Axians Netherlands. The location of the supportive activities performed by Axians, such as the logical access management and the security of external links, have a major impact on the scope of the Axians Netherlands report.

In the end, our goal was not only to provide Axians with a state-of-the-art ISAE 3402 | SOC 2 Type II report but also to support them in taking the step towards risk leadership. Risk leadership is what we define as a critical shift in thinking, where risks are opportunities for improvement which should be met head-on instead of being worked around. As it turned out, this way of thinking matched perfectly with the agile and innovative thinking Axians is known for by their clients.

Solution

Knowing that more organizations are outsourcing their services Axians partnered with Risklane to achieve ISAE 3402 Type II | SOC 2 Type II which are complementary to ISO-certification as ISO 9001, ISO 20000, and ISO 27001. Risklane’s projects always aim to combine the highest standard of reporting in the market with descriptions and processes that are both recognizable for Axians as well as their clients. This required us to get to know Axians' processes as if they were our own. Through intensive interviews with their employees, we not only succeeded in getting to know the Axians processes but also pinpoint the risks. Knowing the risks we can efficiently describe the control objectives and define effective controls. Our extensive knowledge of the outsourcing services market often allows us to advise our clients about efficiency drives in operations, registration processes, and risk management.

Results

The cooperation between Axians and Risklane resulted in achieving ISAE 3402 Type II and SOC 2 Type II. The result is a direct effect on the business for Axians as it will offer client organizations more certainty that processes are optimized and demonstrable setup and controlled including potential risks. In the end, the reports are successfully audit by Conclude Accountants.