CottGroup® is proud to have ISAE 3402 Type II Security Standards
CottGroup® member companies earned ISAE 3402 Type II certification, referred to as GDS 3402 under the Turkish Standards (formerly known as SAS 70), following the audits held by PKF International.
The ISAE 3402 Type II certification guarantees that the service vendor offers its services and operates in line with international quality standards and security measures.
What is the ISAE 3402 Standard?
This standard serves as proof that the service vendor has implemented the highest level of control mechanisms for the services being rendered, and that these services are optimized and continuous under any circumstance. An independent audit agency carries out extended analysis and reporting to assure that the mechanisms implemented are accurate and are properly practiced.
The Audit Report for ISAE 3402 gives the parties a high degree of information on security and confidentiality, along with safeguards on data access, security levels, physical access controls, infrastructure and preventive measures against breaches and technical attacks. The Report thus demonstrates that the vendor has met the required and expected standards on business flows and security layers.
CottGroup® holds sensitive and critical data belonging to both its local and global clients and business partners within its systems. Because of the nature of its business processes and the sensitive data in its possession, CottGroup® is regularly audited by its clients, business partners, and financial and insurance institutions. Based on the outcomes of these regular audits, the infrastructure and security systems are constantly being developed and improved.
The ISAE 3402 Type II Report can be regarded as a handbook that provides easier and safer ways to access information regarding the audit processes.
Why should you care about the ISAE 3402 Standard?
It is crucial to have thorough information and additional guarantees about the processes offered by the service vendor and the controls on these processes, in addition to the quality certifications the vendor currently holds. It is also important for the vendor to have acceptable risk levels and to meet general standards with regard to infrastructure and operational flows.
The ISAE 3402 Type II standard provides information on the design and structure of our organization's systems and assures the consistency of these systems. Certain factors assured by this report are outlined below:
- The nature of the services and the risks that can occur on the rendered services, along with the categorization of the rendered services, where applicable,
- Procedures, including but not limited to IT and manual systems, for initiating the processes and for receiving, saving, processing, deleting, anonymizing, masking and correcting (where relevant) the data relevant to these processes. This includes the procedures that apply to transferring the data for the report and documentation set that is to be prepared for the organization receiving the service,
- Assurance that the system will continue to operate in unexpected circumstances, including corrective measures to be applied to any misinformation transferred to client reports, along with the execution of the processes and the recording, operating and reporting of special accounts with supporting information and accounting records,
- How the system elaborates and handles events and situations other than operations,
- Report and documentation set preparation for the clients,
- The relevant aims of the control processes and how the controls are designed to meet those aims,
- The controls defined in the design of the system that are assumed to be applied by the entities receiving the service, where the aims cannot be attained by the service vendor alone,
- Other aspects of the control mechanisms that serve the conduct and reporting of client operations, including risk analysis, information systems (including the relevant operations), communication methods, controlling functions and other aspects of these functions,
- Control checklists and forms that serve as a checking mechanism on operations, and the applicable control environment designed specifically to meet the relevant objectives.