ASYX takes security serious. This is proven by the fact that we are successfully audited against International Standard on Assurance Engagements (ISAE) No. 3402, which is a very important Assurance Reports on Controls at a Service Organization. The standard was issued in December 2009 by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). ISAE 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting. ISAE 3402 is the international replacement of the SAS 70 standard, which is only applicable to organizations which are under the jurisdiction of the Securities and Exchange Commission (SEC) and therefore have to follow SOX.
Our security control framework is based on ISO 27001 policy standards. This framework is frequently reviewed and updated based on risk assessments. Furthermore, we work with external parties to review effectiveness of security controls in place:
The security of ASYX’s infrastructure was found to be outstanding. Despite very high efforts, pen-testers where unable to compromise ASYX’s infrastructure, both during the external and internal pen-test.