ISAE 3402 declaration


ISAE 3402 Type II and Zenegy

Zenegy ApS has prepared and issued an audit statement regarding the implemented general IT controls at Zenegy as per 1'st July 2020 to 30th June 2021.The statement is issued by an independent auditor, PWC, and follows the auditing standard ISAE 3402 Type 2.

The control objectives of the declaration relate to the following main areas:

  1. IT Governance – Management Direction for Information Security
  2. HR Management
  3. Access Management – Physical access
  4. Access Management – Backend access
  5. Access Management – Frontend access
  6. Incident and problem management
  7. Communication with customers
  8. Change and release management
  9. Knowledge management
  10. Field and business logic
  11. Business continuity
  12. Third party management
  13. API and secure communication

What is the ISAE 3402 declaration?

An auditor's statement of the type ISAE 3402 documents proper IT conditions at a company and serves as proof that the company complies with legal requirements and good IT practice.

An ISAE 3402 statement provides an overview of the general state of the company's IT organisation. The statement relates to all business processes around the IT function which are part of or may affect the financial reporting: Development, operation, preparedness, documentation, etc. The ISAE declaration also relates to the completely low-practice, such as the physical conditions, such as how servers / data centers are located, accesses, etc.

In connection with the issuance of an ISAE declaration, the audit firm reviews the documentation and conducts random checks of the various areas (mentioned above). This results in a report and statement from the audit firm based on the observations and checks that are made at the firm.


If you have any further questions regarding Zenegy's ISAE 3402 statement, please feel free to contact us.