Third Party Assurance (Service Organization Controls)

Third Party Assurance (Service Organization Controls)

- ISAE3402/SOC1/SOC2+

Our Third Party Assurance (TPA) service provide values to clients by streamlining their user entity’s external audit procedures. Potential clients including System Integration (SI) service providers, Cloud service (IaaS/PaaS/SaaS) providers, and other outsourcing service providers managing user entity’s information can be benefited from our TPA services and bring additional values to user entities.

1. Assurance report for user entity and user auditors (SOC1/ISAE3402)

  • Assurance related to processing of financial transactions
  • Scope tailored to the specific service provided and related risks
  • Point-in-time (Type I) and Period-of-time (Type II) validations

2. Assurance report for privacy, information security, confidentiality, availability, and integrity (SOC2/SOC2+/ISAE3402)

  • Assurance related to nonfinancial information processing
  • Scope determined by the Trust Services Criteria, including availability, processing integrity, confidentiality and privacy

3. Other assurance report based on clients’ own control framework (e.g. new information security framework regulated by any governmental bodies)

  • Assurance related to privacy, data protection, or other regulation/framework based on clients’ needs
  • NIST Cybersecurity/Privacy Framework
  • EU General Data Protection Regulation (GDPR)
  • EU Digital Operational Resilience Act (DORA)

$$BDO.LiveSite.CookieBanner.Description$$

$$BDO.LiveSite.CookieBanner.Accept$$$$BDO.LiveSite.CookieBanner.Decline$$