Home

Language

Solutions

Facilities Management

Real estate

ERP

Maintenance

Modules

Contact management

Servicedesk

IT Management

Reservations

Property management

Asset management

Contract management

Purchasing

Bidding and auctions

Maintenance

Online surveys

Project management

Time sheets

Employee management

Catalog management

Inventory management

Key management

Document management

Accounting

Strategic planning

Technology

Workflow management

CAD integration

User interface

Reporting

Import/export

Axxerion Script

Webservices

Security model

Open source

System requirements

Hosting

Axxerion Mobile

ISAE3402 Type II

Documentation

Datasheets

Example screens

System whitepaper

Workflow whitepaper

Hosting and security

Contact

Connected logo

Get Connected

Submit your question

Send us an email

Call or write

  Home Modules Technology Benefits Sales Clients Company News

ISAE3402 TYPE II

If you outsource information services you want assurance that appropriate risk management controls are in place. Axxerion has a ISAE3402 Type II certification for development and hosting of cloud-based software. This means that appropriate systems and procedures to control risks have been documented, implemented and effectively deployed according to an independent external auditor. ISAE3402 is an international standard that has replaced SAS 70 as of June 15, 2011. The controls apply to the following areas:

Configuration management: Controls ensure that logical and physical configuration items needed to deliver the service are properly registered and documented. This includes information on products, suppliers, warranty, physical location, dependencies and changes.
Incident management: Controls ensure that all incidents are registered, evaluated and resolved in a timely matter. This concerns monitoring, use of incident management workflows, problem management, deployment of patches, and continuous monitoring.
Change management: Controls ensure that changes to the application are authorized, tested and approved prior to being implemented to ensure a minimum impact on the service operation. This includes use of source code control systems, automated and manual testing, separate environments for development, testing, acceptance and production, and change management workflows.
Continuity management: Controls ensure that applications and databases are regularly backed up and available for restoration in the event of a loss of hardware, software, or data. This concerns the use of a certified datacenter, a disaster recovery site, source code escrow and monitoring.
Security management: Controls ensure that logical access to the hosting environment is restricted to properly authorized employees. This includes use of firewalls, data encryption, role-based access permissions, monitoring and audit trails.

An ISAE3402 TypeII certification is important for organizations that need to comply with the Sarbanes-Oxley Act (SOX compliance), such as all publicly registered companies under the jurisdiction of the Securities and Exchange Commission (SEC). Management not required to conduct an evaluation of a service organization controls but can request a copy of the auditor report.

Isae3402
Copyright © 2012 AxxerionDutch-English