ISAE 3402 — Assurance Reports on Controls at a Service Organisation
International Standard on Assurance Engagements (ISAE) 3402, issued by the International Auditing and Assurance Standards Board (IAASB), provides a framework for practitioners to issue assurance reports on controls at a service organisation. Type 1 reports describe controls and their design suitability at a point in time. Type 2 reports also include operating effectiveness testing over a period. Used globally (outside the US where SSAE 18 applies) for service organisation assurance, particularly in financial services, IT outsourcing, and cloud computing.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
Engagement Requirements
| Code | Title |
|---|---|
| ISAE3402-1 | Engagement Acceptance |
| ISAE3402-2 | Materiality and Risk |
| ISAE3402-3 | Evidence and Documentation |
Management Assertion
| Code | Title |
|---|---|
| ISAE3402-7 | Management Statement |
| ISAE3402-8 | Control Objectives |
System Description
| Code | Title |
|---|---|
| ISAE3402-4 | Description of System |
| ISAE3402-5 | Fair Presentation |
| ISAE3402-6 | Complementary User Entity Controls |
Type I Report
| Code | Title |
|---|---|
| ISAE3402-T1-1 | Design of Controls at Point in Time |
| ISAE3402-T1-2 | Service Auditor Opinion (Type I) |
Type II Report
| Code | Title |
|---|---|
| ISAE3402-T2-1 | Operating Effectiveness (Min 6 Months) |
| ISAE3402-T2-2 | Tests and Results |
| ISAE3402-T2-3 | Service Auditor Opinion (Type II) |
Frequently Asked Questions
What is ISAE 3402 — Assurance Reports on Controls at a Service Organisation?
ISAE 3402 — Assurance Reports on Controls at a Service Organisation is a compliance framework from International (IAASB) with 5 domains and 13 controls. International Standard on Assurance Engagements (ISAE) 3402, issued by the International Auditing and Assurance Standards Board (IAASB), provides a framework for practitioners to issue assurance reports on controls at a service organisation. Type 1 reports describe controls and their design suitability at a point in time. Type 2 reports also include operating effectiveness testing over a period. Used globally (outside the US where SSAE 18 applies) for service organisation assurance, particularly in financial services, IT outsourcing, and cloud computing. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISAE 3402 — Assurance Reports on Controls at a Service Organisation have?
ISAE 3402 — Assurance Reports on Controls at a Service Organisation has 13 controls organised across 5 domains. The largest domains are Engagement Requirements (3 controls), System Description (3 controls), Type II Report (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISAE 3402 — Assurance Reports on Controls at a Service Organisation map to?
ISAE 3402 — Assurance Reports on Controls at a Service Organisation does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with ISAE 3402 — Assurance Reports on Controls at a Service Organisation compliance?
Start your ISAE 3402 — Assurance Reports on Controls at a Service Organisation compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISAE 3402 — Assurance Reports on Controls at a Service Organisation requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 13 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.
Get Started Free →Free forever — no credit card required