Category: Assurance

Student Experience receives ISAE 3402 reporting

Student Experience receives

– ISAE 3402 reporting

As of January 2017, Student Experience Beheer B.V. holds an ISAE 3402 Type II report. This demonstrates that Student Experience meets high-quality standards and that its processes are in order according to international norms.

Johan Verweij, CEO of Student Experience: “We are very proud of achieving this certification. By obtaining this, the opportunities to collaborate with financial institutions and institutional investors supervised by the DNB or AFM are expanded. It enables us to continue the growth of Student Experience.”

Koen van der Aa, senior consultant at SECURANCE, the consultancy firm that conducted the audit: “Student Experience is a professional organisation that thinks in terms of possibilities and creates solutions for complex issues, leading them to innovative practices. Student Experience has standardised its internal procedures and implemented a solid risk management framework in a short period.”

By obtaining the ISAE 3402 report, Student Experience ensures that clients have insight into how processes and risks are managed. This ISAE 3402 Type II report covers the management and maintenance activities of Student Experience for its clients. The report concerns the processes that impact the financial statements of the user organisations. It includes how risks are identified and whether measures are effectively designed to manage risks.

SECURANCE advises Fujitsu Netherlands

SECURANCE advises

Fujitsu Netherlands


SECURANCE will support Fujitsu Netherlands in implementing ISAE 3402. Fujitsu is a global provider of dynamic IT infrastructures. More than 170,000 Fujitsu employees support customers locally in 70 countries. Fujitsu’s headquarters are located in Tokyo.

Fujitsu

Fujitsu Netherlands offers a one-stop-shop of standardised products and services for desktop and data centre environments. Based on the customer’s needs, these building blocks are combined into a reliable ICT solution that fits like a tailored suit, can quickly adapt to changing capacity requirements, and, if desired, is also managed by Fujitsu. Due to its commitment to environmental conservation and corporate social responsibility, Fujitsu is included in the Dow Jones Sustainability World Index and the FTSE4Good Index.

ISAE 3402 and Cloud Service Providers

As of December 2014, the original COSO framework was replaced by COSO 2013. The Dutch Central Bank has made CObit 4.1 and its included maturity model mandatory in the information security assessment framework. Due to these developments, multinationals increasingly demand ISAE 3402 from cloud service providers in addition to SaaS providers. This trend is supported by the fact that the number of registered Cloud Service providers in the ISAE 3402 register increased from about 40 to 80 within a year.

Fujitsu and SECURANCE

Emile ten Hoor is delighted that SECURANCE has been selected as the assurance and security advisor for Fujitsu and to support this global organisation in obtaining the ISAE 3402 certificate. Within our current portfolio of SaaS and hosting providers, asset managers, and pension administrators, Fujitsu is a welcome addition. We are keen to be part of Fujitsu’s commitment to social responsibility and sustainability vision.

ISAE 3402 and Sustainability

We are highly motivated and enthusiastic to support Fujitsu in this process and demonstrate that Fujitsu also meets the ‘strict requirements’ and rigorous scrutiny that an ISAE 3402 audit entails. We support every professionalisation effort and strive for better security and control in the ICT sector.

5 benefits of ISO 27001

5 benefits of ISO 27001

ISO 27001 is the standard for information security management systems. It is the only auditable international standard for this. ISO 27001 includes policies, practices, developments, and systems that manage information risks, such as cyberattacks, data breaches, theft, or data hacks. But what are the benefits for your organisation?

1. Lower risk of fines

The global benchmark has accepted the ISO 27001 standard for effective management of information assets. By adhering to data protection requirements, the organisation reduces the risk of fines. Consequently, potential financial losses due to data breaches are also mitigated.

2. Protection of reputation

There is a global increase in cyberattacks. These attacks can have a significant impact on an organisation and its reputation. As ISO 27001 protects the organisation against these cyberattacks, it also indirectly safeguards the organisation’s reputation.

3. Compliance with various regulatory requirements

ISO 27001 certification complies with stringent legal requirements such as the GDPR (General Data Protection Regulation), the NIS Directive (Directive on Security of Network and Information Systems), and other cybersecurity laws.

4. Structure and focus

Rapid growth within an organisation can quickly lead to confusion over responsibility for information assets. ISO 27001 can establish clear responsibilities for information risks.

5. The necessity for frequent audits is reduced.

ISO 27001 certification is globally accepted and demonstrates effective security, reducing the need for repeated client audits.

How can a SOC audit increase profits?

How can a SOC audit increase profits?


Many organisations focus primarily on their core competencies and outsource the rest. Common examples include payroll administration and technological infrastructure. Dependence on these services is increasing as many industries and businesses become interconnected.

Several stakeholders examine SOC reports. When a SOC audit report appears ‘correct,’ it distinguishes an organisation from its competitors and can provide operational credibility. Stakeholders mainly look at the following variables:

  • Assurance over security activities
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

Investing in a SOC audit offers advantages. Organisations not only retain more customers but can also attract new ones. Consequently, this can lead to maintaining or even increasing profits.

To achieve a successful SOC audit, an organisation must have an efficient operational environment. This allows the organisation to perform effective controls. Some organisations may need to do a lot of work to achieve a successful SOC audit. This is often because not only a small part of the environments needs to be adjusted, but entire environments may need to be redesigned. This is often the turning point where many organisations lose focus. They forget the value a SOC audit can bring, which is why it is important for organisations to maintain an investment focus.

Securance can assist with this. Risklane offers services in governance, risk, and compliance. Since 2014, Securance has been the market leader and most innovative organisation regarding ISAE 3402 implementation and certification. In addition to ISAE 3402, we offer services for ISAE 3000, GDPR/AVG, ISO 27001, ISO 9001, and COSO ERM