ISAE 3402 TYPE II Certification

Since 13 January 2012, Collenda’s ASP solution has been audited and certified annually by an independent auditor in accordance with ISAE 3402 Type II.

Why is Collenda keen on being audited according to ISAE 3402 TYPE II?

The ISAE 3402 certification is comparable to a quality certificate. Erik Koch, MD Collenda Netherlands, states: ‘We learned about ISAE 3402 through one of our clients. When a company (partially) outsources IT, it is logical that they want to check the quality of the IT processes. ISAE 3402 is a specific quality standard for IT in financial institutions. By getting certified, we have proof that our ASP solution is a good and safe choice.”

What is ISAE 3402?

More and more companies are outsourcing activities to service providers like Collenda. These outsourced activities can affect the financial reporting of these organisations. Management and the auditor of that outsourcing organisation need to obtain some form of information about the controls over the activities outsourced to the service organisation.

To address the need of obtaining information on controls over outsourced activities, the International Standard on Assurance Engagements No. 3402 (ISAE 3402), Assurance Reports on Controls at a Service Organisation, has been introduced.

isae 3402 logo

An ISAE 3402 audit focuses on predefined internal processes and control measures within a service organisation. The scope of an ISAE 3402 audit is twofold: All processes that have an impact on the user organisation’s financial statements are included in the scope, and the service organisation itself can define processes to be included in the scope. An independent audit firm examines and reports on the design, existence and possible functioning of these processes.

The ISAE 3402 Type II Audit Report has been prepared for Collenda’s clients (user organisations) and their (external) auditors. Collenda hereby provides an insight into how the quality of the service is ensured. The external auditor’s opinion on the adequacy, design and existence of internal control is added.

Content of ISAE 3402 report

The ISAE 3402 audit report covers the core of Collenda’s services as a SaaS provider as defined in the Service Level Agreements (SLAs) and maintenance contracts with the clients and the technical management of the applications. The general IT controls aim to provide continuous and reliable information and apply exclusively to the clients using the SaaS services. The consulting services that Collenda provides are not part of these primary services and are therefore not part of the scope of the ISAE 3402 report.

The most important parts of Collenda’s core processes are the development and maintenance of our systems and applications and ensuring the continuity of the systems for our clients.

In addition to political aspects of risk management and quality, the ITIL processes (service level, incident, problem and change management) and the infrastructure of the SaaS solution were also audited.

Ensuring re-certification

Collenda puts great emphasis on quality and risk management. Several internal and external audits take place during the year in order to have the next ISAE 3402 Type II report prepared, which covers the current audit period. The certification shows that the planning and control measures in the audited years are working effectively for our organisation and the processes outsourced by clients to Collenda.

ISAE 3402 proofs

The ISAE report itself contains confidential information and can be requested by our clients. You can download the certificate of registration to ISAE 3402 as PDF-File:

For more information about ISAE 3402 and the register, visit the ISAE 3402 website.

Want to learn more?