
SOC 2 or ISO 27001: Which is better suited for my organization?

If your organization provides business-to-business IT or financial services, it’s likely that your clients will request SOC 2 or ISO 27001 certification or attestation. This process can demand significant resources and time from your organization. This article explains the similarities and differences between these two certifications. A SOC 2 report and an ISO 27001 certificate can be compared to close relatives, and there are opportunities for efficiency, as achieving one certification can significantly reduce the time required to obtain the other.


Solera | ISAE 3000

Summary

Solera is a software provider in the automotive and insurance industry. Solera’s mission today is ‘to be the 80% intelligence to help customers manage the risk of a collision, mechanical or maintenance repair and service’. Solera provides solutions for general automotive information and information on insurance claims in the automotive industry.

Control Reports

Due to current developments in outsourcing and the associated risk management, SASconsult has developed an implementation model that enables a cost-efficient ISAE 3402 implementation. This model (the SAS | Modeller) is delivered in a web tool that includes the process flows. The result is that the processes and controls required under ISAE 3402 are visible to everyone (via, for example, the intranet).

COSO due for renewal

The widely adopted COSO (Committee of Sponsoring Organizations of the Treadway Commission) risk framework, frequently utilized in the implementation and auditing of standards such as ISAE 3402 or ISO 27001, is due for a comprehensive update.

Status Update: Solvency II

General

Since the beginning of 2012, negotiations have been underway to finalise the content of the Omnibus II directive and the Level 2 implementing measures. The definitive agreement on the Omnibus II directive is expected shortly. The definitive agreement on the Level 2 implementing measures is expected in the autumn. The focus lies on the risk-free curve, capital requirements, and own funds, as well as transitional measures.

Pillar Developments 

Additionally, there are developments per pillar:

Five Reasons to Implement ISAE 3402

ISAE 3402 is the standard for outsourcing processes and security. It is increasingly required across various industries and by government entities for participation in tenders.

Securance advises TelecityGroup

TelecityGroup is Europe’s leading carrier-neutral data centre provider. TelecityGroup’s data centres offer high connectivity and secure environments for IT and telecom equipment, which are the driving force behind the digital economy. Telecity has data centre clusters in 12 major European cities. In Telecity’s data centres, the networks that make up the Internet converge, and bandwidth-intensive applications, content, and information are securely hosted.

TelecityGroup Netherlands realises ISAE 3402 certification

Amsterdam, 19 May 2015 – All TelecityGroup locations in Amsterdam have been certified according to the international outsourcing standard ISAE 3402. With this certification, TelecityGroup Netherlands demonstrates that its data centres meet internationally accepted quality and security standards. For customers, this certification provides proof that their outsourced processes are effectively controlled within the data centre.

Collateral for bank support, an additional risk to the euro crisis?

President Klaas Knot of the Dutch Central Bank (DNB) has expressed clear concerns regarding the collateral accepted by the seven central banks in the eurozone. ‘I would have preferred it otherwise; I would have preferred we had not done this at all. As a central banker, I am naturally not enthusiastic about this,’ he stated.

In December and February, the ECB provided banks with three-year loans totaling €1000 billion. During this operation, the collateral requirements were relaxed, increasing the risk exposure.

EIOPA – ComFrame

Gabriel Bernardino, president of EIOPA, expressed his desire for an international insurance market supervisory and legislative body in a speech early this month.

‘The insurance market is spreading globally, creating new opportunities, challenges but also risks,’ said Bernardino. Creating a healthy and stable insurance market requires such international cooperation. The best way to ensure financial stability and proper consumer protection is through the development of a global regulatory and supervisory standard.