Skip to main content
  • ISAE 3000
    Secure outsourcing
  • ISAE 3000
    Read more

for security, sustainability and outsourcing

ISAE 3000

ISAE 3000 is the international assurance standard for non-financial information.


More key IT functions are outsourced to service organizations as a consequence of cloud opportunities and global competition.

Trust Service Criteria

The Trust Service Criteria for security, privacy, availability and confidentiality are international recognized.

General IT Controls

ISAE 3000 is the international standard voor assurance over IT Controls and supports in gaining confidence over business processes.

Attestation Services

ISAE 3000 and ISAE 3402 are the most common Service Organization Control (SOC) 1 and 2 reports.
ISAE 3402 vs ISO 27001

Implement ISAE 3000

What are the organizational implications of ISAE 3000 SOC 2? What are the requirements?
For an ISAE 3000 SOC2-report the control framework, control descriptions should be described and auditable. An ISAE 3000 SOC 2 should audited by an external auditor (CPA, CA, Wirtshaftsprufer, expert comptable or RA).
The scope of an ISAE 3000 is in generally free, the scope should relate to non-financial processes. If the Trust Service Criteria are applied, the control framework should be described in accordance with these.

More information?

Do you want more information on the impact and requirements of ISAE 3000? Please send information request to