Resources
Case Studies
Controls Assurance Audit (ISAE 3402 & SSAE 18 Type II) for SaaS Company

Controls Assurance Audit (ISAE 3402 & SSAE 18 Type II) for SaaS Company

Pragmatic enhancements to develop controls, governance and oversight framework.

The client

A fast-growing and award-winning SaaS (Service as a Software) company which is headquartered in London. The Client also has offices in the US and provides cloud-based Professional Services Automation (PSA) software solutions to professional services organizations around the world.

The work

The Client engaged us to perform ISAE 3402 and SSAE 18 Type II audits in accordance with the relevant standards to provide assurance to its clients over the controls it operates as a service organisation. The controls covered the full spectrum of activities involved in the delivery of the Client’s services to clients including the software development lifecycle.

How we helped

Our experienced business risk and information security consultants audited the process controls by applying the most efficient methodology in accordance with the requirements of AICPA and relevant ICAEW guidance. The testing covered both business and information technology controls. Our consultants continuously challenged the in-scope internal controls to ensure that they were relevant and addressed financial reporting risks. The Client was kept informed of our audit findings and all exceptions noted during the course of the audit. We discussed with the client our assessment of the materiality of the exceptions identified on controls testing and the potential impact on the audit opinion.

Value added

Our specialists went beyond the scope of the ISAE 3402 and SSAE 18 audit and advised the Client on pragmatic enhancements to develop the controls, governance and oversight framework to be commensurate with the size and complexity of the organisation while also addressing the immediate emerging risks.

Industry and sector:

Technology

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer

Discover how we have supported businesses like yours >>