
Successfully Completed ISAE 3402 Report Type 2

16. Feb. 2021

In our blog post last November we already talked about our ISO27001 certification and our ISAE 3402 Report Type 1. I am happy to announce that we successfully completed the ISAE 3402 Report Type 2 in January 2021.

About ISAE

Even though it is not mentioned explicitly in the Rundschreiben 2018/3 circular, many FINMA-regulated companies require an ISAE 3402 Report Type 2 from their suppliers. This report provides substantial added value, ensuring conformity to current regulations.

In Switzerland there are the two FINMA circulars: Rundschreiben 2008/21 and Rundschreiben 2018/3, the latter regulating outsourcing rules for companies in the financial sector.

As mentioned before, we completed the ISAE 3402 Report Type 1 in June 2020, which assesses the suitability, design, and implementation of controls. During January 2021 we completed the ISAE 3402 Report Type 2 for the year 2020. This report additionally evaluates the effectiveness of the controls during the test period, that is, their definition and concrete implementation.

Our ISAE 3402 Report Type 2 was audited by ERM Solution AG.

More Information

If your company requires a yearly ISAE 3402 report for audit or revision, please contact our sales and marketing team. We remain at your service for any enquiry; contact us if you need more information.

Daniel Hauswirth

Daniel Hauswirth is CISO and DevOps Engineer at VSHN. He holds a BSc in Computer Science from Hochschule Luzern/FHZ, and is working towards his MAS in Information and Cyber Security at HSLU.

Contact us

Our team of experts is ready for you. In an emergency, also 24/7.


About Our ISO 27001 Certification And ISAE 3402 Type 1 Report

11. Nov. 2020
One of our core value propositions consists in making sure that our infrastructure responds to the highest levels of security, confidentiality, and availability.
It is with this goal in mind that we passed our first ISO 27001 certification in 2017, and this year we added an ISAE 3402 audit, initially requested by one of our customers in the financial sector.

ISO 27001

ISO 27001 is a worldwide applied standard for the certification of an information security management system (ISMS). Its aim is to protect information based on an analysis of business risks regarding confidentiality, integrity and availability.
The certification is valid for three years. Every year there is a monitoring audit done by the certification authority. This year the three-year period for the first certificate ended. In spite of the ongoing worldwide pandemic we were able to renew this certification earlier this year with excellent results.
The audit required for the renewal not only raised no concerns, but also praised our KPIs for the ISMS, our thorough integration of information security into every single step of our operations, and the overall commitment of management to the whole process.
Our certification is valid for the next three years, and you can download it for review.

ISAE 3402

Service providers are recommended to engage a recognized auditing company on their own behalf, which reports annually in a standardized form on the functioning of their internal controls.
This is done so that they do not have to repeatedly expose their confidential internal processes, procedures and methods.
The most important international standard for companies in the financial sector in Switzerland is ISAE 3402.
The International Standard on Assurance Engagements (ISAE) 3402 is an internationally accepted audit standard issued and maintained by the International Auditing and Assurance Standards Board (IAASB). ISAE 3402 is divided into two categories: ISAE 3402 Type I only assesses the suitability or design of controls, i.e. the control design and implementation, while ISAE 3402 Type II additionally evaluates the effectiveness of the controls during the test period, i.e. their definition and concrete implementation.
The ISAE 3402 Assurance Report examines the definition and implementation of control objectives as well as the existence and effectiveness of controls. The basic prerequisite for a successful audit is a complete and up-to-date documentation of the company organization, the IT organization and ICS-related issues. This includes an assessment of the existence and effectiveness of the internal control system, including the IT organization and IT security.
ISAE 3402 reports provide substantial added value to FINMA regulated firms, which must ensure conformity to circulars regarding outsourcing, such as Rundschreiben 2008/21 and Rundschreiben 2018/3.
In June 2020 our ISAE 3402 Report Type 1 was audited by ERM Solution AG. We are currently planning the establishment of our Type 2 report by January next year. This report ensures and supports the legal audits of our financial customers.
If your company requires a yearly ISAE 3402 report for audit or revision, please contact our sales and marketing team.

More Information

If you would like to know more about the differences between ISO 27001 and ISAE 3402, please check this link.
We remain at your service for any enquiry. Contact us if you need more information.

Daniel Hauswirth



Welcome to VSHN, Daniel!

5. Mar. 2019

After completing my bachelor's degree in computer science in 2012, I worked for six years as a System Engineer and System Administrator at an SME in Lucerne. This SME developed digital signage software and integrated it at customer sites. As a System Engineer I was responsible for deploying the Tomcat-based web application at customers. As a System Administrator I was responsible for the entire internal IT infrastructure. Two years ago I decided to begin an MAS program in Information Security at Hochschule Luzern. I have since completed the three associated CAS; what remains open is the MAS thesis, which I will be able to write at VSHN in the second half of 2019.
At VSHN I was able to start this March as a DevOps Engineer / System Engineer. I have not yet gained in-depth professional experience in automation and containerization, which is why I am exceptionally motivated to dig into building up know-how in the DevOps field. I hope that my experience in fast-growing SMEs and my education will also allow me to make a valuable contribution to VSHN's further growth. What excites me about VSHN are the development opportunities and that we move at the "pulse of technology". I am also a fan of the transparent salary policy, by the way. Should my MAS thesis be crowned with success in the second half of the year, I will be allowed to take on the role of CISO at the end of the year.
In my free time I love being in the mountains. In winter I spend almost every weekend on my snowboard, and in summer I often try to find time for a hike. I also very much enjoy playing tennis and am already looking forward to the interclub season, which starts soon.

Daniel Hauswirth

