
Acubiz receives ISAE 3000 Type II and ISAE 3402 Type II assurance reports with no qualifications for 2024

Data security is a top priority at Acubiz. That is why we are proud to announce that for 2024, we have received both an unqualified ISAE 3000 Type II certification and an unqualified ISAE 3402 Type II certification. These certifications are proof of our rigorous security protocols, which - through ambitious and high standards for how we handle our own and our customers' data - have ensured unqualified certifications ever since our first ISAE certification back in 2016.


ISAE stands for International Standard on Assurance Engagements and is designed to ensure that companies are committed to managing their internal processes and controls. At the same time, it demonstrates to customers and partners the company’s commitment to high-quality service and security.

TL;DR: Acubiz received clean, unqualified ISAE 3000 Type II and ISAE 3402 Type II assurance reports for 2024, independently confirming that its data protection practices and IT controls both operated effectively throughout the full twelve-month period. These reports give customers and partners a formal, auditor-verified basis for trusting that Acubiz handles their data and systems with the security standards required in regulated financial environments.

ISAE assurance reports are official documents issued by an independent auditor confirming the accuracy and reliability of a company’s financial reports and procedures. A Type II report includes a more detailed and in-depth evaluation of the effectiveness of the implemented controls over an extended period, typically 12 months.

What do ISAE 3000 and ISAE 3402 mean?

The ISAE 3000 assurance report focuses on data protection and the handling of personal data. It confirms that we as a company comply with the requirements stated in our data processing agreement.

In contrast, the ISAE 3402 assurance report focuses on the internal controls of our IT processes. This includes confirmation of the reliability and security of our IT systems, as well as the effective implementation and maintenance of these systems.

Together, these standards help increase transparency, accountability, and trust between the company and its stakeholders regarding IT solutions and data management.

Moreover, the standards reflect our strong commitment to good corporate governance and risk management — values we highly prioritize at Acubiz.

Data Security Remains a Top Priority


At Acubiz, we continue to make data security a top priority, ensuring our customers can rely on being in safe hands with us.

We will continue to test and regularly validate our processes to ensure proper handling of customer data, while also maintaining high standards for our partners and suppliers.

Want to know more? You can find our 2024 assurance reports here.

Frequently Asked Questions

What is an ISAE 3402 Type II assurance report and what does it confirm?

ISAE 3402 is an international standard for assurance on IT service organizations' internal controls. A Type II report is more rigorous than a Type I: it covers the design and the operating effectiveness of controls over a full twelve-month period, not just a point in time. For Acubiz, it confirms that the IT processes, system reliability, and security controls all functioned as stated throughout 2024.

What does the ISAE 3000 assurance report cover?

The ISAE 3000 report focuses on data protection and the handling of personal data. For Acubiz, it confirms compliance with the requirements set out in its data processing agreement, which governs how customer data is collected, stored, and processed. This is the report most directly relevant to GDPR compliance and data processor obligations.

Why does an unqualified audit report matter when evaluating a SaaS provider?

An unqualified report means the independent auditor found no exceptions or qualifications in the controls reviewed. This is the highest possible outcome and gives customers a formal, third-party verified basis for trust rather than relying on the provider's own claims. In procurement processes for enterprise software, especially in finance, ISAE reports are increasingly required as part of due diligence.

How often does Acubiz obtain ISAE assurance reports?

Acubiz obtains ISAE assurance reports annually. The Type II reports cover a rolling twelve-month period, meaning controls are assessed over a sustained period rather than at a single audit date. This gives customers confidence that security and compliance are maintained continuously, not just prepared for an annual inspection.

Michelle Bendix Lauritzen


Michelle is our Creative & Growth Marketing Lead. While juggling the pen herself, she primarily handles the strategic planning of relevant content about our product and Expense Management in general.