QATAR document attestation process

ISAE 3402 - Renewed certification confirms the sustainability of SEEBURGER AG as a cloud provider

ISAE 3402 attestation SOC 1 - SEEBURGER has successfully passed the test again. This makes it much easier for our customers to provide the relevant security and data protection evidence for auditors. All other advantages for SEEBURGER cloud customers are clearly summarized here.

ISAE 3402 - Trust is good, control is better!

Modern companies today get their IT from the cloud. Companies do everything in their power to continuously optimize the resources they need to achieve their business goals. This is not only understandable, but also part of their duty. Another duty is to ensure security and compliance with internal and external rules and laws. Companies must therefore set up an internal control system (ICS) that anchors effective controls in their processes and provides sufficient assurance that those processes run correctly.

If a company now outsources business-relevant functions to the cloud, the responsibilities for proper processing are not automatically outsourced. They remain with the company and present it with a difficult challenge: How can the company ensure that the service provider complies with controls, maintains the separation of functions and protects access to data?

Auditors who have to assess the effectiveness of the ICS in the company also want to examine the outsourced IT functions more closely. The existence of a Service Level Agreement (SLA) and regular reports on the services are not sufficient here. Rather, the auditors insist on the existence of an ISAE 3402 test report. ISAE is the abbreviation for "International Standard on Assurance Engagements" and certifies the control system of the service provider as a whole. In this context, the ISAE test report has more or less become the standard for outsourcing service providers. The attached graphic illustrates the relationship.

ISAE 3402 SOC 1 confirms the effectiveness of the internal control system of SEEBURGER AG

The annual audit of the International Standard on Assurance Engagements (ISAE) 3402 SOC 1 focused on the following processes for the provision of outsourcing services for our customers:

  • Risk management
  • User & Access Management
  • Physical security
  • Backup & recovery
  • Business Continuity Management

as well as the cloud service operating processes:

  • Go Live Process
  • Event management
  • Incident Management
  • Change management

The auditor from a leading auditing and consulting firm spent three weeks retrospectively evaluating large numbers of samples from an entire year. The random samples were selected on the basis of the defined processes and control objectives of the above-mentioned subject areas. If deviations were found, the possible deviation was verified by additional random samples.

The procedure makes it clear that for ISAE it is not sufficient to guarantee proper operation only at the time of the test, as is the case with many other certifications, in which only key date observations (snapshots) are made. ISAE requires a service provider to meet the control objectives at all times and to submit full evidence of compliance.

SEEBURGER AG has again successfully passed the International Standard on Assurance Engagements (ISAE) 3402 SOC 1 test and has thus successfully proven the effectiveness of its internal control system (ICS).

ISAE 3402 certification - the advantages for our customers

  • The customer receives proof from an independent testing institute that its sensitive business processes at SEEBURGER are secure.
  • The successful audit confirms the best possible security and data protection with SEEBURGER as a trustworthy provider.
  • This significantly simplifies the evidence that customers must provide to their own clients and auditors, because
    • a reliability check is no longer necessary for the outsourced processes (as verified by the certification).
    • the effectiveness of these processes will no longer have to be proven individually in the future.
  • The ISAE certification ensures that this internal control system works, i.e. that it is (a) methodologically suitable to ensure that all employees in the company behave properly and that (b) this has been proven in many samples.

The renewed certification according to ISAE 3402 offers our customers the peace of mind that their data is in the best of hands with us.

ISAE 3402 certification - more security with SEEBURGER

The SEEBURGER ISAE 3402 (SOC 1) certificate is a valuable document for our customers, proving the effectiveness of the internal control system of the SEEBURGER cloud services. Ultimately, the audits and processes that are required in advance for an attestation also significantly increase operational safety. In order to be able to react appropriately to constantly increasing security requirements as well as rapidly changing and increasingly complex threat situations, SEEBURGER has developed an internal control system (ICS) according to COSO (Committee of Sponsoring Organizations of the Treadway Commission) as a central management process. This ensures that the system is integrated into the business processes in the application area and that the responsibilities are defined.

The purpose of the internal control system is to protect all information that is received, generated, distributed, archived and destroyed in the course of business activities in accordance with legal provisions, national and international standards, internal company standards and contractual obligations.

ISAE 3402 Attestation - Automated processes simplify future monitoring of control objectives

Even before the introduction of ISAE certification, the SEEBURGER operations team asked itself the following question: How can an internal control system be set up without causing enormous manual control effort? The answer sounds as banal as it is simple: Through extensive automation! SEEBURGER has therefore integrated the monitoring of its control objectives directly into its business processes and cloud organization right from the start.

With self-developed applications, for example, all access to the cloud systems is centrally controlled, monitored and seamlessly documented. An automated monitoring and reporting system monitors compliance with each individual control, many thousands of times a day. With this high degree of automation, SEEBURGER was able to reduce the manual effort to such an extent that the additional effort for the controls, their implementation and testing could be more than compensated.

Dr. Martin Kuntz, Chief Cloud Officer: “At SEEBURGER we pursue the extensive automation of complex control objectives less for the sake of certification, but primarily for the purpose of optimizing business processes and organizational structures. This almost automatically results in economically sensible synergies and qualitative improvements for our customers.”

Martin Kuntz continues: “Another, rather unexpected, positive side effect is that the high degree of automation, the increasing effectiveness of the internal processes and the internal continuous improvement process in practice lead to increased motivation of the operating staff. The employees can concentrate more on their core tasks and are relieved of annoying documentation tasks.”
