This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.

Third Party Assurance (Service Organization Controls)

- ISAE3402/SOC1/SOC2+

Our Third Party Assurance (TPA) service provide values to clients by streamlining their user entity’s external audit procedures. Potential clients including System Integration (SI) service providers, Cloud service (IaaS/PaaS/SaaS) providers, and other outsourcing service providers managing user entity’s information can be benefited from our TPA services and bring additional values to user entities.

1. Assurance report for user entity and user auditors (SOC1/ISAE3402)

  • Assurance related to processing of financial transactions
  • Scope tailored to the specific service provided and related risks
  • Point-in-time (Type I) and Period-of-time (Type II) validations

2. Assurance report for privacy, information security, confidentiality, availability, and integrity (SOC2/SOC2+/ISAE3402)

  • Assurance related to nonfinancial information processing
  • Scope determined by the Trust Services Criteria, including availability, processing integrity, confidentiality and privacy

3. Other assurance report based on clients’ own control framework (e.g. new information security framework regulated by any governmental bodies)

  • Assurance related to privacy, data protection, or other regulation/framework based on clients’ needs
  • NIST Cybersecurity/Privacy Framework
  • EU General Data Protection Regulation (GDPR)
  • EU Digital Operational Resilience Act (DORA)