Sentia Denmark strengthens compliance with ISAE 3000
27 June 2019
In a market with increasing legal requirements, Sentia Denmark takes the continuous refinement of offerings very serious – especially when it comes to our own and customers’ compliance.
It is essential to Sentia Denmark that you can trust in our compliance with current and future regulation and we are very keen on taking steps to document our professional processing of personally identifiable data.
Our most recent certification, ISAE 3000 is an addition to the existing ISAE 3402 type 2 statement. Here, the independent auditor Grant Thornton assess and evaluate Sentia Denmark's controls in relations to the decrees in GDPR, accounting law, personal data law, Service Level Agreement terms or standard information security. The remark-free report for the period 25 May 2018 to 31 December is now available.
Why should you look for a Managed Cloud Service Provider with an ISAE 3000 certification?
If you are considering outsourcing IT operations, the GDPR recommends that you work with partners that are certified data processors. A provider that has been audited by third-party and independent IT auditor is your guarantee that it fulfils the high requirements that you expect from a modern and secure IT provider.
The statement of assurance is your proof that the provider’s systems of control are reviewed annually – a seal of approval of the self-control of quality, operations, security, preparedness, competencies and processes.
It provides your opportunity to receive tangible evidence that the provider keeps up with the development of regulations. The legislation is not static and keeps evolving as the market demands rise. The same goes for auditors’ statements which means that you can control that your provider follows and adheres to legislation.
ISAE 3000 - explained
ISAE 3000 reviews the providers controls of personal data processing and management, SLA’s or outsourcing contract and assesses to what degree the current legal requirements are complied with. GDPR means that a new set of controls of the processing of personal data is to be accounted for.
The statement covers specific actions e.g. GDPR, the outsourcing statement or contractual obligations with customers. These areas along with related documentation are reviewed and auditor provides a full assessment on how reassuring the areas are managed by the provider.
Contact our experts!
More about this topic? Contact our experts to find out!