
SECURANCE advises Fujitsu Netherlands



SECURANCE will support Fujitsu Netherlands in implementing ISAE 3402. Fujitsu is a global provider of dynamic IT infrastructures. More than 170,000 Fujitsu employees support customers locally in 70 countries. Fujitsu’s headquarters are located in Tokyo.

Fujitsu

Fujitsu Netherlands offers a one-stop-shop of standardised products and services for desktop and data centre environments. Based on the customer’s needs, these building blocks are combined into a reliable ICT solution that fits like a tailored suit, can quickly adapt to changing capacity requirements, and, if desired, is also managed by Fujitsu. Due to its commitment to environmental conservation and corporate social responsibility, Fujitsu is included in the Dow Jones Sustainability World Index and the FTSE4Good Index.

ISAE 3402 and Cloud Service Providers

As of December 2014, the original COSO framework was replaced by COSO 2013. The Dutch Central Bank has made COBIT 4.1 and its included maturity model mandatory in the information security assessment framework. Due to these developments, multinationals increasingly demand ISAE 3402 from cloud service providers in addition to SaaS providers. This trend is supported by the fact that the number of registered cloud service providers in the ISAE 3402 register increased from about 40 to 80 within a year.

Fujitsu and SECURANCE

Emile ten Hoor is delighted that SECURANCE has been selected as the assurance and security advisor for Fujitsu and to support this global organisation in obtaining the ISAE 3402 certificate. Within our current portfolio of SaaS and hosting providers, asset managers, and pension administrators, Fujitsu is a welcome addition. We are keen to be part of Fujitsu’s commitment to social responsibility and sustainability vision.

ISAE 3402 and Sustainability

We are highly motivated and enthusiastic to support Fujitsu in this process and demonstrate that Fujitsu also meets the ‘strict requirements’ and rigorous scrutiny that an ISAE 3402 audit entails. We support every professionalisation effort and strive for better security and control in the ICT sector.

5 benefits of ISO 27001


ISO 27001 is the standard for information security management systems. It is the only auditable international standard for this. ISO 27001 includes policies, practices, developments, and systems that manage information risks, such as cyberattacks, data breaches, theft, or data hacks. But what are the benefits for your organisation?

1. Lower risk of fines

The ISO 27001 standard is accepted as the global benchmark for the effective management of information assets. By adhering to data protection requirements, the organisation reduces the risk of fines. Consequently, potential financial losses due to data breaches are also mitigated.

2. Protection of reputation

There is a global increase in cyberattacks. These attacks can have a significant impact on an organisation and its reputation. As ISO 27001 protects the organisation against these cyberattacks, it also indirectly safeguards the organisation’s reputation.

3. Compliance with various regulatory requirements

ISO 27001 certification complies with stringent legal requirements such as the GDPR (General Data Protection Regulation), the NIS Directive (Directive on Security of Network and Information Systems), and other cybersecurity laws.

4. Structure and focus

Rapid growth within an organisation can quickly lead to confusion over responsibility for information assets. ISO 27001 can establish clear responsibilities for information risks.

5. Reduced need for frequent audits

ISO 27001 certification is globally accepted and demonstrates effective security, reducing the need for repeated client audits.

How can a SOC audit increase profits?



Many organisations focus primarily on their core competencies and outsource the rest. Common examples include payroll administration and technological infrastructure. Dependence on these services is increasing as many industries and businesses become interconnected.

Several stakeholders examine SOC reports. When a SOC audit report appears ‘correct,’ it distinguishes an organisation from its competitors and can provide operational credibility. Stakeholders mainly look at the following variables:

  • Assurance over security activities
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Investing in a SOC audit offers advantages. Organisations not only retain more customers but can also attract new ones. Consequently, this can lead to maintaining or even increasing profits.

To achieve a successful SOC audit, an organisation must have an efficient operational environment. This allows the organisation to perform effective controls. Some organisations may need to do a lot of work to achieve a successful SOC audit. This is often because it is not just a small part of the environment that needs to be adjusted; entire environments may need to be redesigned. This is often the turning point where many organisations lose focus. They forget the value a SOC audit can bring, which is why it is important for organisations to maintain an investment focus.

Securance can assist with this. Risklane offers services in governance, risk, and compliance. Since 2014, Securance has been the market leader and most innovative organisation regarding ISAE 3402 implementation and certification. In addition to ISAE 3402, we offer services for ISAE 3000, GDPR/AVG, ISO 27001, ISO 9001, and COSO ERM.

Outsourcing trends



Organisations are continually seeking ways to leverage competitive advantage to expand markets and increase profits. Increasingly, they are outsourcing non-core activities. Nevertheless, management remains ultimately responsible for risk management and implementing an effective control framework. This has led to a greater demand for assurance standards such as ISAE 3402 or ISAE 3000 for activities performed by third parties.

History

For much of the 20th century, the most popular business model was the large integrated company that managed and controlled its assets directly, focusing on diversification to broaden its business base and benefit from economies of scale. Many large companies developed a new strategy to concentrate on their core activities, enhancing flexibility and creativity. This required identifying critical processes and deciding which processes could be outsourced.

Outsourcing

Due to globalisation, increased competition, and cost pressures, organisations are outsourcing more essential business functions to service providers. Outsourcing core processes has a direct impact on a company’s financial statements and key business processes. It is no longer limited to routine back-office tasks. How can organisations gain confidence in outsourced business processes? How can they ensure control and assurance over these outsourced processes?

The increase in outsourcing, especially of crucial business information, also brings heightened risks and security concerns. Organisations may face operational, financial, or even reputational damage due to security shortcomings of external service providers. An independent review of critical outsourced business processes or IT systems helps organisations identify and manage these risks and regain assurance over outsourced processes.

The most common reasons for outsourcing are:

  • Control and reduce operating costs
  • Improve focus on core business processes
  • Access world-class capabilities
  • Free up internal resources for other purposes
  • Increase efficiency in specific functions
  • Insufficient internal resources
  • Share risk with other organisations

The current phase in the evolution of outsourcing involves strategic partnerships. Until recently, it was taken for granted that organisations could not outsource core competencies. This has changed, and ISAE 3402/SOC1 or ISAE 3000/SOC2 has become commonplace.