We have renewed our ISAE 3402 – and added ISAE 3000
At itpilot, we take responsibility for the solutions we develop and operate. This applies not only to functionality and stable operation. It also applies to the way we process and protect data, both when it is stored and exchanged between systems.
Therefore, we have renewed our ISAE 3402 Type 2 statement again this year, and this year we have also chosen to expand with an ISAE 3000 statement, which documents that we have control over our data processing processes and comply with GDPR in practice.
Documented control and safety
For many years, we have had an ISAE 3402 statement, which covers our work with the development, operation and management of business-critical systems, including solutions with ERP integrations, customer-specific functionality and hosting.
The ISAE 3402 Type 2 statement means that an independent auditor has assessed both the design and actual operation of our internal controls over a 12-month period. This is your assurance that processes such as access control, change management, backup and operational stability are in place.
The declaration is renewed every year – and of course it has been renewed again this year.
New this year: ISAE 3000 with focus on GDPR and data protection
This year we have also chosen to have an ISAE 3000 statement (Type 2) prepared, which documents our work with data protection and GDPR compliance.
Data security and GDPR have long been a major focus area for us, and it has been a permanent part of our way of working, both technically and organizationally. It is therefore not new to us. However, with the ISAE 3000 statement, we have now had it assessed and confirmed by an independent auditor.
The statement documents that we have control over access management and role-based control, handling and storage of personal data, logging and documentation, internal policies for information security, and ongoing evaluation of our controls.
ISAE 3000 Type 2 covers – like our ISAE 3402 – a 12-month period.
Read more about what an ISAE 3000 statement is here.
Security and transparency
It is important to us that our customers can trust that their data and systems are in good hands. The ISAE statements help to create that reassurance. With the ISAE statements, it is not just something we say – it is something we have documented and validated by an external auditor.
For you as a customer, this means that you can easily and securely use our documentation in your own compliance and supervision work.
Do you want to know more?
We are of course happy to share content from our ISAE statements if you need documentation in connection with, for example, a data processing agreement, audit or customer requirements.
Read more about our certifications here, or contact us on +45 87 25 07 87 or via the contact form if you would like to hear more.
