CapaSystems’ ISAE FAQ
CapaSystems has obtained an ISAE 3000 statement for CapaOne. This FAQ covers what the ISAE 3000 statement includes and how we protect your data.
What does ISAE stand for?
ISAE stands for International Standard on Assurance Engagements. ISAE 3000 is the standard for assurance engagements other than audits of historical financial information, and it is the standard used for reports on a service provider's security and data-processing controls. An ISAE report is prepared by an independent auditor who assesses the processes and controls that the service provider and the auditor have agreed to include in the scope of the engagement.
What does an ISAE report contain?
ISAE reports describe how a service provider's systems and organizational controls are designed and operate, and they state the auditor's conclusion on the controls. Whether a report covers only the design of the controls at a point in time (a Type 1 report) or also their operating effectiveness over a stated period (a Type 2 report) is stated in the report itself, as are any exceptions the auditor found, so check which type you have been given and read the scope and exceptions sections.
Are ISAE reports necessary?
ISAE reports are not mandatory. They exist to give customers independent assurance about a service provider's controls, so that customers do not have to rely on the provider's own description alone. The report is issued only after the auditor has completed the review.
See our full security report here: ISAE 3000
4 reasons to choose a provider with an ISAE 3000 GDPR statement
What is the purpose of ISAE 3000?
A service provider that has obtained an ISAE report can demonstrate the reliability of its services. The report serves as a quality seal, showing that an independent auditor has reviewed and assessed that data is handled confidentially and at a high level of security, and that the relevant risks are documented and controlled. The assurance extends only to the controls, systems and period described in the report, so read its scope section to see exactly what was covered.
Why choose a service provider with an ISAE 3000 report?
At CapaSystems, our customers should be able to trust that entrusting parts of their business and data to us does not expose them to undocumented or unmanaged risk. Therefore, we are committed to working with an independent auditor to obtain an ISAE 3000 report every year as part of our ongoing compliance and information security efforts. Note that ISAE 3000 is an assurance report, not a certification: it is renewed annually and the current report, not an older one, is what describes our controls today.
What is an ISAE report on GDPR and data processing?
An ISAE 3000 report can cover any set of controls that the service provider and the independent auditor agree to include in the scope of the engagement; the report lists the controls that were examined.
At CapaSystems, we have voluntarily chosen to have an independent external auditor review our handling of customer data. This independence ensures the objectivity of our ISAE 3000 GDPR report, which documents the effectiveness of our internal processes and controls. The auditor has examined the controls we use to meet our GDPR obligations as a data processor, both internally and in relation to external parties. As a data controller, you thus gain assurance that the data you entrust to us is processed in accordance with applicable regulations and with the controls described in the report.
ISAE vs. ISO 2700X
ISO 27001 certification has long been the standard for information security. However, as the threat landscape changes, customers increasingly want assurance not only that a provider has an information security management system, but that its specific controls actually work. ISO 27001 specifies the requirements for an information security management system and, in its Annex A, a reference set of controls; ISO 27002 gives guidance on implementing those controls. An ISAE 3000 report can use these ISO controls as its criteria, but it adds something a certificate does not: the auditor tests whether the selected controls operated effectively over the audit period and reports any exceptions directly to the reader. The two therefore complement each other rather than replace one another.