|
ISAE 3402 is an assurance standard. The title is "Assurance Reports on Controls at a Service Organization". It was published in June 2011 as a standard for documenting that a service organisation has adequate internal controls; although often approached from a financial reporting perspective,〔(【引用サイトリンク】url=http://www.pwc.be/en/systems-process-assurance/third-party-assurance-sas70.jhtml )〕 such as Sarbanes-Oxley, it can also be applied to other controls, such as information security.〔(【引用サイトリンク】url=http://www.rackspace.co.uk/certifications/isae-3402-type-ii-service-organization-control-soc2-reporting )〕 ISAE stands for "International Standard for Assurance Engagements". Like SAS 70 and SSAE 16, ISAE 3402 prescribes Service Organization Control reports, which help give assurance to the organisation's customers and service users, who may have their own assurance needs.〔(【引用サイトリンク】url=http://www.a-lign.com/services/audit-attestation/isae-3402-services/ )〕 There are two kinds of SOC reports: * Type I: Documenting a "snapshot" of the organisation's controls * Type II: Documenting over a period of time (typically 6 months) showing controls have been managed over time.〔(【引用サイトリンク】url=http://isae3402.com/ISAE3402_reports.html )〕 ISAE 3402 was developed by the International Auditing and Assurance Standards Board, but it is also supported by the IAASB (International Auditing And Assurance Standards Board) and IFAC (International Federation of Accountants). It supersedes SAS 70,〔(【引用サイトリンク】url=http://www.unicc.org/Pages/SAS-70-and-ISAE-3402.aspx )〕 and puts more emphasis on procedures for the ongoing monitoring and evaluation of controls. ==See also== * ISAE 3000 * SOx 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「ISAE 3402」の詳細全文を読む スポンサード リンク
|