CapaSystems’ ISAE FAQ

A service provider that has obtained an ISAE report can demonstrate the reliability of its services. The report serves as a quality seal, showing that an independent auditor has reviewed and assessed that data is handled confidentially, at a high-security level, and that any risks are properly documented and controlled.

At CapaSystems, our customers should be able to trust that there are no additional risks associated with entrusting parts of their business and data to us. Therefore, we are committed to working with a certified auditor to obtain an ISAE 3000 report as part of our ongoing annual compliance and information security efforts.

An ISAE 3000 report can cover any control that is agreed upon between the service provider and an independent auditor.

At CapaSystems, we have voluntarily chosen to have an independent external auditor review our handling of customer data. This independence ensures the objectivity of our ISAE 3000 GDPR report, which documents the effectiveness of our internal processes and controls. The auditor has confirmed our compliance with GDPR internally and in relation to external parties. As a data controller, you thus gain assurance that your data is being processed in accordance with applicable regulations.

ISO 2700X certifications have previously been the standard for information security. However, as the threat landscape changes, it becomes necessary for companies to achieve a broader level of protection. ISO 27001 primarily focuses on the design of controls, while ISO 27002 guides implementation. ISAE reports are based on these ISO controls but also offer the opportunity to test their effectiveness.