Today, more customers and business partners are demanding documentation for GDPR compliance. With an ISAE 3000 declaration, you show that your company handles personal data responsibly.
ISAE 3000 - document your GDPR compliance professionally
Today, more customers and business partners are demanding documentation for GDPR compliance. With an ISAE 3000 declaration, you can show that your company handles personal data responsibly - and has processes, controls and security in place.
At Inforevision, we prepare ISAE 3000 declarations with a specific focus on GDPR - both for data controllers and data processors.
What is an ISAE 3000 statement with a focus on GDPR?
It is an independent auditor's statement that documents that you have established and implemented controls to ensure compliance with GDPR.
The statement can be used towards customers, business partners, authorities and the board.
When is ISAE 3000 GDPR relevant?
- When you process sensitive or large amounts of personal data
- When customers or partners require documentation
- When you want to strengthen your credibility and compliance profile
- When you want to prepare for an inspection or audit
- When you are a data processor for larger companies
Do you need help getting ready?
We help you assess your current GDPR setup and identify any gaps.
This ensures that you are strong and confident when the declaration process begins.
Read more about our consulting services here
Ready to get a GDPR statement?
We prepare ISAE 3000 GDPR statements for both controllers and processors - tailored to your reality and needs.
Read more about our declarations here
Tool: Lexoforms
Lexoforms can help bring together data processing agreements, risk assessments and controls - and give you the necessary structure towards a declaration.
Frequently asked questions (FAQ)
Who typically needs an ISAE 3000 GDPR statement?
Both controllers and processors who need to document their processing and security level to customers or partners.
Does the declaration apply to the entire company?
No - it is typically created with a focus on the part of your organization where personal data is processed, e.g. a specific solution, department or data processor role.
What is the difference between Type 1 and Type 2?
Type 1 assesses whether controls are designed and implemented correctly at a given point in time. Type 2 also assesses whether they have worked effectively over a period of time (typically 6-12 months).
Contact us - and get started with your GDPR declaration
Do you want to strengthen your credibility and ensure impartial documentation? We guide you all the way from preparation to the final ISAE 3000 declaration.
Contact Simon
-
Simon Okkels
Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.
Contact John
-
John Richardt Søbjærg
John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports.
Contact Rasmus
-
Rasmus Lykke Sørensen
We are always ready to meet
Let's have a no-obligation conversation about what you and your business need and what we can offer. Just fill in the fields in the form and we will contact you shortly.
You are also welcome to call us at +45 39 53 50 00 or send an email to
Employees
140
Customers
3900
Revenue
+150 million
Year of establishment
1986
