More and more companies outsource activities to specialised service organisations, such as property management organisations, SaaS suppliers, cloud services, data centre providers and payroll bureaus. They demand that the service organisation has taken effective measures to ensure data protection and to protect the privacy of the data. Increasingly often, supervisory bodies also require assurances for outsourced tasks.


In those cases, an ISAE 3402 (SOC 1) report will help you as a service organisation. In this, you describe the risks of your business processes and the measures that were taken to achieve the objectives. ISAE 3402 reports are available as Type 1 and Type 2 variants. A Type 1 report assesses the internal controls; a Type 2 report includes the control measures.


We can help you with both types of SOC Assurance reports. Together with you we can check which type of report fits your services best. PKF Wallast can add assurance by performing an audit on the report. During the process we will help you raise your level in the field of internal controls.