
Our vision

Markets thrive on trust. Buyers and sellers require mutual trust for each transaction. This is relevant for international trade, corporate takeovers and delivery of outsourced services. A colourful palette of governance, risk and compliance standards has been developed by international audit organizations (IFAC/AICPA), the COSO committee and the International Organization for Standardization. Organizations are compliant with ISAE 3402 / SSAE 18 SOC1/2 / ISO 27001 or the COSO framework. Often standards overlap and require significant investments in process redesign and external audit fees.


We experienced that our customers were not able to respond to requirements from their customers. These customers demanded ISAE 3402 SOC1 and ISO 27001 in their Requests for Proposals, often initiated or pushed by their auditors. Their customers (the organizations that outsourced processes, or user organizations) also lacked oversight, resulting in the overdemand, as described. Our institute is the founder of sites such as ISAE3000.com, ISAE3402.co.uk and ISAE3402.nl. These websites focus on providing insight and in-depth knowledge of each standard and on providing a platform for organizations to acquire more exposure for their compliance with risk and governance standards. This worked! More than 600 organizations are active members on these websites.


The Register-websites became marketplaces for supply and demand of outsourcing services. Service organizations achieved exposure and user organizations found the best in class service providers.


The success of these websites strengthened our vision: aligning the economic interests of market participants with sustainable and transparent solutions. The GRC index takes this vision one step further: compliance with standards is clustered on this website, providing an overview to corporates (user organizations) of compliance with standards and concluding on the quality, security and transparency of these organizations. Organizations are rated in the index on compliance with standards and the GRCi framework (a standard for risk management, based on years of in-depth experience in the assurance and outsourcing industry).

The GRCi provides no opinion on the quality of the assurance opinions or certificates, but provides a holistic quality and governance rating, based on information provided by the organization and the determination of compliance with external standards. To ascertain the latter, organizations are required to provide substantive information before registration.