Arguably the biggest question with outsourcing data is how it is handled externally. The solution to prevent mishaps as much as possible are specific certificates that focus on digital security and the handling of data. ISAE 3402 is widely recognized as a certificate that offers customers and would-be customers valuable insight into the organization that they outsource their data to. WorkFlowWise has now achieved the ISAE 3402 Type I certification.
Contrary to other certificates, with ISAE 3402 the organization itself is responsible for the suitable design of controls. An independent audit is carried out to test the controls and to assess them as satisfactory or not.
All of the controls described in the WorkFlowWise report were assessed satisfactory! That doesn’t happen very often.
To achieve ISAE 3402 Type II, the same controls are assessed again at a later stage.
The scope of ISAE 3402 at WorkFlowWise
With ISAE 3402 the organization itself determines the scope, so it is possible to go beyond the scope of financially related controls. The WorkFlowWise ISEA 3402 report relates to our software as well as the full service. This includes all the possible integrations with external systems that may be related to finance, HR, sales, or otherwise. As long as there is an exchange of data between the systems.
By including these in the audited report, we can ensure that both internal and external risks are extremely limited.
ISAE 3402 Type II
The next step is the ISAE 3402 Type II certificate. This is the assessment of Type I after a certain period of time. We will continue to audit this report annually, so that it can be verified that we are not only in control right now, but also remain so.