FA Solutions passed the ISAE 3402 Type 2 Assurance Report Auditing on January 14th, 2022, without any remarks. The auditing was conducted by Deloitte.
As a SaaS provider of core Investment Management solutions in the highly regulated financial industry, we at FA Solutions know it is essential to ensure the services we provide have adequate internal controls.
International Standard on Assurance Engagements 3402 (ISAE 3402) is an international assurance standard widely recognized globally.
FA implemented the ISAE 3402 type 2 reporting in 2020 and passed the first audit one year ago. Now we have successfully passed the audit covering our operations during 2021, and again, FA passed the audit and testing without any remarks. This year, the audit also included testing additional customers’ Azure hosting environments.
The majority of the controls generally apply to all FA customers but only selected customer installations meeting required criteria are included in the testing samples and the official general assurance report. The general annual assurance report is included in the FA plans Accelerate and Advance. The annual assurance report is available for all FA clients and prospective customers upon request.
The report covers selected controls within the following control areas:
- Access Management (AM)
- Change Management (CM)
- Backup and Recovery (BR)
- Data Processing (DP)
What does the ISAE3402 – type 2 Assurance Report include?
The report is divided into the following sections:
- Independent Service Auditor’s Report
- Management’s Statements
- Description of FA Solutions’ Portfolio Management Solution
- FA Solution’s Control Objectives and Activities, and Deloitte’s Test of Design, Implementation, and Operating Effectiveness
The report covers controls within the following processes relevant to the FA Portfolio Management Solution:
- Access management
Control Objective: Controls provide reasonable assurance that logical access to the Portfolio Management Solution System is limited to authorized individuals.
- Change Management
Control Objective: Controls provide reasonable assurance that changes to application programs and related data management systems are authorized, tested, documented, approved, and implemented to result in the complete, accurate, and timely processing of business-critical information.
- Backup and Recovery
Control objective: Controls provide reasonable assurance that the customer systems are appropriately backed up and that data and systems can be recovered in a timely and complete manner.
- Data Processing
Control objective: Controls provide reasonable assurance that system processing is executed in a thorough, accurate, and timely manner and that problems or errors are identified, recorded, and resolved according to defined processes.