ISAE 3000 for NIS2 - IT Security & Compliance Assurance

Do you deliver IT services under a SKI framework agreement?

Home page ISAE 3000 - SKIS

ISAE 3000 - meet SKI's IT security requirements and avoid daily fines 

Do you provide IT services under an SKI framework agreement?
Then you must be able to document your IT security level with an ISAE 3000 declaration - both at start-up and annually.

At Inforevision, we help you meet SKI's requirements through customized ISAE 3000 Type 1 and Type 2 declarations - adapted to the specific requirements in Appendix B.3.

What is an ISAE 3000 declaration for SKI agreements? 

It is an independent auditor's statement documenting your security measures according to the requirements of the SKI framework agreement - including access levels, data types and social criticality.

The declaration must be submitted:

  • Type 1: within 3 months after the agreement comes into force
  • Type 2: annually and with evidence of actual compliance

When is ISAE 3000 SKI relevant?

  • When your employees have physical or remote access to customer systems
  • When you process sensitive, business-critical or socially critical data
  • When you need to be able to document security measures to SKI
  • When you want to avoid daily fines of up to DKK 5,000/day

Do you need help getting ready?

We help you with:

  • Clarify your security level and relevant add-on packages
  • Building the necessary compliance setup
  • To prepare ISAE 3000 statements that comply with Annex B.3

Read more about our consulting services here 

Ready to get an ISAE 3000 SKI declaration?

We make sure you meet all requirements - and avoid errors, delays and daily fines.

Read more about our declarations here

 Tool: Lexoforms

Lexoforms can help map risks, provide an overview of controls and gather documentation - making it easier to prepare for the declaration.

Read more about Lexoforms here

FAQ - frequently asked questions

Which declaration type should we use?

Type 1: required no later than 3 months after the start of the agreement and documents that controls have been implemented
Type 2: must be prepared annually and documents that the controls have worked in practice

What determines our security level?

It depends on:
- Employee access (physical or system)
- What types of data you process
- Whether the solution is critical to society

What if we don't deliver on time?

- Daily fines of up to DKK 3,000-5,000 per working day
- Termination or exclusion from the framework agreement

Contact us - and get a handle on SKI's security requirements

Want to stay ahead of SKI's requirements? We offer a free, no-obligation assessment of your situation and guide you safely through the process.

Contact Simon

Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.

Contact John

John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports. 

Contact Rasmus

We are always ready to meet

Let's have a no-obligation conversation about what you and your business need and what we can offer. Just fill in the fields in the form and we will contact you shortly.

You are also welcome to call us at +45 39 53 50 00 or send an email to

Employees
140

Customers
3900

Revenue
+150 million

Year of establishment
1986

Growth per year
10%