ISAE 3000 Type 2 Report

The International Standard on Assurance Engagements (ISAE) 3000 is a standard which is applied for audits of internal controls, sustainability and compliance with laws and regulations. The ISAE 3000 Type 2 Report is a self-assessment which is then audited by an independent third party, and provides assurance on the suitability of the design and existence of controls over a period of time.

This report verifies the effectiveness of the internal controls of the datacenter used by indagia to support adherence to certain FINMA (the Swiss Financial Market Supervisory Authority) requirements applicable to regulated financial services customers."

The report covers the requirements of the following FINMA Circulars:

2018/03 FINMA Circular “Outsourcing – banks and insurers” (21.09.2017).

2008/21 FINMA Circular “Operational Risks – Banks” (20.11.2008) – Principal 4 Technology Infrastructure.

2008/21 FINMA Circular “Operational Risks – Banks” (20.11.2008) – Appendix 3 Handling of electronic Client Identifying Data.

2013/03 FINMA Circular “Auditing” (06.12.2012) – Information Technology.

ISO/IEC 27001

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.

ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.

The infrastructure used by indagia is certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow our suppliers to ensure a comprehensive and continually improving model for security management.


A SOC 1 report documents a cloud service provider’s internal controls that may be relevant to a customer’s financial reporting. This report is particularly useful for organizations that audit financial statements.

SSAE 18 / ISAE 3402 Type II

The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).

SSAE 18 and ISAE 3402 are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

Our suppliers infrustructure undergoes a regular third-party audit to certify individual products against this standard.