ENSIA

Support in ENSIA accountability

  • ENSIA

ENSIA

Combining audits

Municipalities must provide accountability for various aspects of the assigned tasks, use of IT and processing of confidential information.sHowever, the rules of the standard that must be met are constantly changing. For example, as of 2020 the Baseline Information Security Municipalities (Baseline Informatiebeveiliging Gemeenten, BIG) has been replaced by a government-wide Baseline Information Security Government (Baseline Informatiebeveiliging Overheid, BIO). The same goes for the method for providing accountability which is in constant flux. In order to reduce the audit pressure, the Unambiguous Normative Single Information Audit (Eenduidige Normatiek Single Information Audit, ENSIA) was created.

A municipality is itself responsible for organizing the ENSIA accountability process, with which a municipality states by means of a statement to what extent the requirements from the BIO, Suwinet and Logius are met. 

We understand that the accountability process must be properly completed, but also that the necessary complexity entails uncertainties. In addition, your municipalities may also make use of partnerships, for which accountability is also required. We have many years of experience with the above standards and are therefore able to support you in ENSIA accountability.

The benefits of Auvaro at ENSIA

  • Our auditors are Register EDP auditors at the Dutch Professional Organization of IT Auditors (NOREA), and well-versed in the BIO/ENSIA, Suwi and DigiD requirements;
  • The auditors of Auvaro are qualified 27001:2017 auditors and therefore have extensive experience in testing the measures from ENSIA, which is based on this standard;
  • Thanks to our hands-on experience with the developments in the field of BIO/ENSIA accountability, the dynamics of municipalities and partnerships and reporting requirements, we offer a proven effective and efficient approach.
More information on ENSIA

Combining audits offers certain advantages. It not only saves you on costs and time, but it also reduces the audit pressure within your organization: your employees only have to give insight into their daily activities once and can get back to work faster.

Assurance audits can easily be combined, and in many cases combining ISO audits and assurance audits can bring efficiency. 

Request our whitepaper for more information.

More information on combining

Combining audits

Het combineren van audits is over het algemeen een goed idee. U bespaart  hiermee niet alleen op kosten en doorlooptijd, maar verlaagt ook de  auditdruk binnen uw organisatie: uw medewerkers hoeven het verhaal maar één keer uit te leggen en kunnen sneller weer aan het werk.

Assurance audits kunnen over het algemeen onderling goed worden gecombineerd,  maar ook door het combineren van ISO audits en assurance audits is in  veel gevallen winst te behalen. 

Request our whitepaper for more information.

More information on combining

Which statement?

An assurance statement is an effective and efficient way to provide assurance to your customers about the processes they outsource to you. There are different kinds of statements. 

The primary question is: “Which assurance statement provides sufficient assurance for the processes outsourced to me by my client?”

Het antwoord vindt u onze whitepaper.

More information on statements

Our approach

  • Practical: We carry out every audit according to a predefined method, which we communicate clearly in advance. This way you know exactly what to expect and what we expect from you;
  • Professional: We do not compromise on the quality of our services, so we can ensure that not only our high internal standards are met, but also those of our customers;
  • Pleasant: From the start, one of our senior partners will be appointed to you as your primary contact. They are available for any questions you may have regarding the audits. In addition, our teams are built around talented, hard-working professionals who are only satisfied when you are.

Our approach has been proven to be effective and efficient and our auditors are highly experienced. This allows us to offer high-quality support in ENSIA accountability at a very competitive price. Please visit our Assurance Calculator for a quote.

Assurance Calculator

Which statement?

An assurancestatement is an effective and efficient way to provide assurance to your customers about the processes they outsource to you. There are different kinds of statements. 

The question is: “Which assurance statement provides sufficient assurance for the processes outsourced to me by my client?”

The answer to this question can be found in our whitepaper.

More information on statements

Contact form ENSIA

Valk

As Valk Solutions, we automate business-critical point of sale processes for retail organizations. Our customers entrust us with their competition- and privacy-sensitive data. The ISAE 3402 statement is an independent confirmation for retailers that they are in good hands with us. Auvaro's audit team closely monitors that we work according to the standard every year. This sets us apart from the competition.

Karin Valk
Managing Director - Valk Solutions

Itris

Since 2016, Auvaro has been conducting the ISAE3402 audit at Itris. Itris' services to its customers are audited against NOREA's framework of standards. Since 2018, the ViewPoint functionality, Itris' ERP package, has also been audited against a framework of standards drawn up by Itris and its customers. For both audits, Auvaro issues an ISAE3402 type II statement annually. The audits are planned in close consultation with each other and are carried out in a pleasant manner by the auditors of Auvaro. We are therefore very satisfied with this service.

Marianne van Leeuwen
Manager Customer Support & Quality - Itris

CACI

Our ISAE 3402 audit was conducted efficiently and in a pleasant manner. The auditors guided us professionally.

Peter Van Den Plas
Information Security Officer - CACI B.V.

Peopleware

The audit process was carried out in a professional manner. Our ICT architects were impressed by the available ICT knowledge of the auditors. Conversations were conducted in a pleasant and constructive manner. It's very efficient that ISO 27001 and ISAE 3402 audits can be combined.

Theo van den Hoek
Program manager - Peopleware ICT Solutions

PeopleINC

We wanted to investigate whether we could get an ISAE 3402 certification for our payroll service. After searching on the internet we came across Auvaro. After a first introductory meeting, we quickly started describing the processes and controls. Following Erik's advice, we then added and changed some checks and made some adjustments to our working method, after which we already received the first audit at the beginning of 2019. From this, some points emerged that have been adjusted and at the end of 2019 we received the final audit for 2019 and we were ISAE 3402 certified! The collaboration went very well and the certification also gives our customers the certainty that they can outsource their payroll administration with confidence.

Pier de Vries
Manager salary service - PeopleInc

Conclusion

We are an organization where a lot of information and personal data of our customers is processed. To provide a guarantee about our information security, we came to Auvaro about 3 years ago to guide us in this and to obtain an ISAE 3402 Assurance report. This year we were again audited by Erik and his team. It were intensive 'remote audit' days, but Erik and his team guided us in a very pleasant and flexible way. They were very thorough and precise and helped us with the right constructive feedback to have information security 'in control' even better.

Lisa Houwer
Security & Information Officer - Conclusion Learning Centers

previous arrow
next arrow