Guru's Verification engine ensures consistency, confidence, and trust in the knowledge your organization shares. Learn more.

Product sheet Eye-share ISAE 3402

Logo Eye-share black text with slogan.png

Summary:

  • The ISAE 3402 report design is based on the International Standard on Assurance Engagement, ISAE 3402 (Assurance reports on control at a Service Organization)
  • The standard provides guidance on how to perform tests of controls and how to draw conclusions
  • The ISAE 3402 report is issued by an independent auditor
  • Internal controls are being tested throughout the period from 1st of January to 31st of October
    • For the fiscal year 2023 the controls are tested from February 1st to November 30th.
  • The annual ISAE 3402 Type 2 report is part of the service Eye-share AS provides for our customers.
  • The report will be made available for all active customers ASAP after delivery by the independent auditor.
    • For 2024, the report was published on December 20th.

Building customer trust through the annual ISAE 3402 type 2 attestation report

Increasing demand for quality and data security assurance from authorities as well as external and internal stakeholders in recent years, have affected how companies document their control over their data and records.

To build and strengthen the trust of its stakeholders, businesses must be able to document that they have systems and routines in place ensuring the law and regulations compliance together with control over major risks.

Why is third-party attestation of internal control necessary?

Due to the new players, partnerships, and vendors, in addition to the new regulatory changes, the data is now processed in larger parts of a value chain than ever before.
Since information is the new gold, it has become the main target for cyber criminals.

If the information is not handled and processed correctly or the service provider is unable to document an effective internal control environment, it can quickly escalate and end up on the front pages of the media. Not following the regulations might also result in a bad reputation and eventually high price to pay.

The annual ISAE 3402, type 2 report

Eye-share delivers important and critical systems and services for our customers and naturally, the clients as well as their auditors, need an independent third-party assurance report on the quality and effectiveness of Eye-share`s internal production environment controls.

The ISAE 3402 report provides such an assurance.

The main purpose of the report is to give the customer and their external auditor an attestation of Eye-share`s internal controls.

Eye-share’s ISAE-auditor, E&Y, performs an annual audit of internal controls on behalf of Eye-share AS.

The audit is based on the International Assurance Standard, ISAE 3402. – a standard for documenting that a service organization has adequate and effective internal controls implemented.

The audit scope includes processes for security, operations, and software engineering.

The report

  • Focuses formally on the design, implementation, and operational effectiveness of controls within Eye-share AS
  • Covers the period from 1st of January to 31st of October (Eye-share AS will issue a bridge letter to cover the period from 1st November to 31st of December)
    • For the fiscal year 2023 the period is shifted from February 1st to November 30th.
  • Is primarily used to support the financial audit process for Eye-share customers.
  • Contains a description of Eye-share’s control environment, its objectives and the key controls in place to achieve these objectives.
  • Contains test of control effectiveness and it`s results (type II report).
  • Is intended for use by Eye-share`s customers and their auditors.

Processes included in Eye-share`s ISAE 3402 report

  1. Identity & Access Management
  2. Security Management
  3. Change Management
  4. Incident Management
  5. Problem Management
  6. Business Continuity
  7. Service Configuration Management
  8. Event Management
  9. IT Application (ITACs) - Included from 2024

Note that links are internal.

  • Content is part of the report available for all customers.

What does the Eye-share ISAE 3402 report include?

An ISAE 3402 report consists of five chapters:

  1. Independent service auditor’s assurance report.
  2. Eye-share management statement.
  3. Description of Eye-share`s general control environment, including:
    1. Detailed description of Eye-share`s organization and business areas,
      1. internal control system and governance model
      2. corporate management system
    2. Processes and controls objectives included in the scope for each control objective, controls to ensure that the control objective is reached, are implemented.
      Each control is described in detail and forms the basis of the tests
  4. Description of the objectives and scope for E&Y’s examination; the type of tests and test samples used, and the results from testing.
  5. Additional information supplied by Eye-share.

The controls in scope are designed to address both quality, in terms of building the right product and building the product right, and risk, in terms of non-compliance to customer contracts.

What are the benefits?

Issuing the ISAE 3402 report declares that Eye-share has a framework of processes, and that we are adhering to contractual and regulatory responsibilities.
This reassures our customers and partners that they can trust us.

The ISAE 3402 report provides the customer with

  • Understanding of Eye-share`s control environment, which the customer has outsourced to Eye-share AS.
  • Basis for assessing internal controls and risk as a whole.
  • Confidence that controls are functioning as intended.
  • Reduced need for customer or customer`s auditor initiated audit and inspection at Eye-share AS.

For more information, contact Eye-share AS.

You must have Author or Collection Owner permission to create Guru Cards. Contact your team's Guru admins to use this template.