20 February 2017
Carerix takes important step with ISAE3000
In recent months, Carerix has been undergoing its periodic assessment by an independent EDP auditor and chartered accountant. We are proud to announce that we were awarded an ISAE 3000 Type 1 report in December 2016. ISAE 3000 certification relate to risk management systems for information security, system availability, system integrity, confidentiality and privacy.
But what is ISAE 3000?
ISAE stands for “International Standard On Assurance Engagements”. ISAE 3000 is the international version of America’s SAS 70 certification. Unlike SAS 70, ISAE 3000 is an international benchmark. The report compiled for Carerix shows that its internal management processes are implemented exactly as described. The organisation also uses this independent assessment to give (potential) customers greater certainty about the quality of its services. ISAE does not identify specific approaches, but contains requirements for quality management systems.
Why is certification important to Carerix?
An important part of the service we offer involves handling information in a safe and reliable manner. Within the various sectors where our customers operate, it is increasingly important to deal with reliable personal details and other confidential information. Carerix believes this is essential and wants to meet the highest standards when doing so. Certification means we can officially do this with international recognition. Besides ISAE 3000 certification for Carerix as an organisation, data centres used to host the Carerix application are also ISO27001:2013 certified.
T-Assurance versus IT Certification
What are the differenced between ISAE3000 and ISO 27001? ISO 27001 is a security benchmark. This benchmark features guidelines (‘best practices’) for an organisation’s information security. ISAE 3000 is an audit benchmark for reporting about risk management within (development) processes. That’s why information security is an integral part of ISAE 3000.
Tips or questions?
Do you have questions or comments about information security or our ISAE 3000 Type 1 report? Then send an e-mail to firstname.lastname@example.org.