Question 1

What is a SOC 2 report?

Accepted Answer

A SOC 2 report is an independent assurance report that demonstrates an organization meets the AICPA Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. There are two types: Type I (design at a point in time) and Type II (operating effectiveness over a minimum 6-month period).

Question 2

What is the difference between ISAE 3402 and SOC 2?

Accepted Answer

ISAE 3402 is an international standard focused on outsourced processes and financial reporting, while SOC 2 takes a broader view of IT security and management. ISAE 3402 is commonly requested by European clients and accountants, while SOC 2 is the standard in the international market. Both have Type I and Type II variants.

Question 3

What is a DigiD assessment?

Accepted Answer

A DigiD assessment is a mandatory annual ICT security audit for organizations in the Netherlands that use DigiD as an authentication method. The assessment is based on the ICT security guidelines from Logius and must be performed by an independent auditor.

Question 4

What is ISO 27001 and why is it important?

Accepted Answer

ISO 27001 is the international standard for information security. It provides a framework for establishing and maintaining an Information Security Management System (ISMS). Implementation helps organizations manage risks, increase customer trust, and comply with regulations such as GDPR and NIS2.

Question 5

What is NIS2 and which organizations does it apply to?

Accepted Answer

NIS2 is the European directive for network and information security that came into effect in 2024. It applies to essential and important entities in sectors such as energy, transport, healthcare, digital infrastructure, and ICT service providers. Organizations must implement appropriate security measures and report incidents.

Question 6

What is DORA and who does it apply to?

Accepted Answer

DORA (Digital Operational Resilience Act) is a European regulation strengthening the digital resilience of the financial sector. It applies to banks, insurers, investment firms, and their ICT service providers. DORA sets requirements for ICT risk management, incident reporting, digital resilience testing, and oversight of critical third parties.

Question 7

What does an IT auditor do?

Accepted Answer

An IT auditor independently evaluates whether an organization's IT systems, processes, and controls are effectively designed and operating. This includes assessing information security, IT governance, compliance with laws and regulations, and the reliability of IT systems for financial reporting.

Question 8

What is the Secure Audit Platform?

Accepted Answer

The Secure Audit Platform is Secure Audit's proprietary digital audit platform, built with security-by-design principles. It supports the entire audit process: from work programs and testing to findings, follow-up, and reporting. Clients get real-time insight into progress and can exchange evidence digitally.

Our services

Six disciplines, one partner

IT-Audit Services

Compliance Services

Risk Services

Internal Audit

Secure Audit Platform

Security

Looking for an IT auditor?