Assurance services through ISAE 3000 & ISAE 3402 standards

Independent assurance over the accuracy of processes, controls, and data is now critical not only for regulators but also for business partners and investors. When you need credible assurance beyond statutory audit, we apply International Standards on Assurance Engagements (ISAE).

What EY can do for you

Controls Assurance under ISAE 3000

ISAE 3000 focuses on non-financial areas such as information security, compliance, sustainability, and ESG/CSRD metrics. This standard allows for a flexible definition of criteria, which form the basis for the control objectives addressed in the report.

Under this standard, we also issue SOC 2 reports for service organizations, focusing on Trust Services Criteria (TSCs).

However, the scope is not limited to SOC 2. Reports under ISAE 3000 can cover a much broader range of areas (e.g., NIS2, DORA, AI Governance, or SWIFT), fully tailored to your reporting needs.

Controls Assurance under ISAE 3402

ISAE 3402 is designed for service organizations that need to demonstrate an effective control environment relevant to financial reporting (ICFR – Internal Control over Financial Reporting). Under this standard, we provide SOC 1 reports.

Integration across Standards

Together with the client, we define appropriate criteria, test the design and effectiveness of controls, and prepare a report with clear conclusions and recommendations. Our approach is flexible—we can integrate assurance engagements with other standards, such as ISO or SOC, to minimize duplication and streamline the entire process.

Read more about System and Organization Controls on our website.
