About Our ISO 27001 Certification And ISAE 3402 Type 1 Report

11. Nov 2020
One of our core value propositions consists in making sure that our infrastructure responds to the highest levels of security, confidentiality, and availability.
It is with this goal in mind that we passed our first ISO 27001 certification in 2017, and this year we added an ISAE 3402 audit, initially requested by one of our customers in the financial sector.

ISO 27001

ISO 27001 is a worldwide applied standard for the certification of an information security management system (ISMS). Its aim is to protect information based on an analysis of business risks regarding confidentiality, integrity and availability.
The certification is valid for three years, with a surveillance audit by the certification body every year. This year the three-year period of our first certificate ended. In spite of the ongoing worldwide pandemic, we were able to renew the certification earlier this year with excellent results.
The renewal audit not only raised no concerns, but also praised our ISMS KPIs, our thorough integration of information security into every single step of our operations, and the overall commitment of management to the whole process.
Our certification is valid for the next three years, and you can download it for review.

ISAE 3402

Service providers are advised to engage a recognized auditing company on their own behalf, which reports annually, in a standardized form, on the functioning of their internal controls.
This spares the provider from having to repeatedly expose its confidential internal processes, procedures and methods to each customer's auditors.
The most important international standard for companies in the financial sector in Switzerland is ISAE 3402.
The International Standard on Assurance Engagements (ISAE) 3402 is an internationally accepted audit standard issued and maintained by the International Auditing and Assurance Standards Board (IAASB). ISAE 3402 is divided into two categories: an ISAE 3402 Type I report assesses only the suitability of the design of controls, i.e. the control design and its implementation at a point in time, while an ISAE 3402 Type II report additionally evaluates the operating effectiveness of those controls over the test period, i.e. their definition and their concrete implementation in practice.
The ISAE 3402 Assurance Report examines the definition and implementation of control objectives as well as the existence and effectiveness of controls. The basic prerequisite for a successful audit is a complete and up-to-date documentation of the company organization, the IT organization and ICS-related issues. This includes an assessment of the existence and effectiveness of the internal control system, including the IT organization and IT security.
ISAE 3402 reports provide substantial added value to FINMA regulated firms, which must ensure conformity to circulars regarding outsourcing, such as Rundschreiben 2008/21 and Rundschreiben 2018/3.
In June 2020 our ISAE 3402 Type 1 Report was audited by ERM Solution AG. We are currently planning to have our Type 2 report established by January next year. This report ensures and supports the statutory audits of our financial customers.
If your company requires a yearly ISAE 3402 report for audit or revision, please contact our sales and marketing team.

More Information

If you would like to know more about the differences between ISO 27001 and ISAE 3402, please check this link.
We remain at your service for any enquiry. Contact us if you need more information.

Daniel Hauswirth

Daniel Hauswirth is CISO and DevOps Engineer in VSHN. He holds a BSc Hochschule Luzern/FHZ in Computer Science, and is working towards his MAS in Information and Cyber Security at HSLU.
