ISAE 3402 declaration
ISAE 3402 Type II and Zenegy
Zenegy ApS has prepared and issued an audit statement regarding the implemented general IT controls at Zenegy as per the 39th June 2019 to 30th June 2020.The statement is issued by an independent auditor, PWC, and follows the auditing standard ISAE 3402 Type 2.
The control objectives of the declaration relate to the following main areas:
- IT Governance – Management Direction for Information Security
- HR Management
- Access Management – Physical access
- Access Management – Backend access
- Access Management – Frontend access
- Incident and problem management
- Communication with customers
- Change and release management
- Knowledge management
- Field and business logic
- Business continuity
- Third party management
- API and secure communication
What is the ISAE 3402 declaration?
An auditor's statement of the type ISAE 3402 documents proper IT conditions at a company and serves as proof that the company complies with legal requirements and good IT practice.
An ISAE 3402 statement provides an overview of the general state of the company's IT organisation. The statement relates to all business processes around the IT function which are part of or may affect the financial reporting: Development, operation, preparedness, documentation, etc. The ISAE declaration also relates to the completely low-practice, such as the physical conditions, such as how servers / data centers are located, accesses, etc.
In connection with the issuance of an ISAE declaration, the audit firm reviews the documentation and conducts random checks of the various areas (mentioned above). This results in a report and statement from the audit firm based on the observations and checks that are made at the firm.
If you have any further questions regarding Zenegy's ISAE 3402 statement, please feel free to contact us.