Indeqa is compliant with internationally recognized security standards to ensure you, all board members, and the organization of secured board meetings. By achieving ISAE 3402 Type II, we give Indeqa users certainty about how we deal with risk management and information security.
Indeqa has received their ISAE 3402 Type II declaration from Hoek en Blok IT, the IT audit & assurance division of Hoek en Blok.
As a service organization and provider of software, we know how important it is to implement and execute internal control measures. But that is just the start, compliance and verification of those measures is key.
We annually draw up a Service Organization Control report which is checked by an independent auditor. For this, the ISAE 3402 guideline is used. Information security is an integral part of the process. Primarily intended for the extensive protection of confidential meeting information. Additionally, the report describes the control measures that are also relevant for our customers in relation to their financial reporting.
Indeqa has chosen ISAE 3402 because we want to guarantee our customers the best possible guarantee of security and privacy of data. ISAE 3402 not only takes the guidelines on information into account but also assesses the guidelines and outsourced processes in the form of a report. The assessment framework and the fact that our user’s accountants benefit from this have been important drivers to choose ISAE 3402.
We are often asked if we comply with ISAE 3402 or if we are ISO 27001 certified. Yes, we comply with ISAE 3402. No, we are not ISO 27001 certified.
ISO 27001 is an information security management system. A framework that includes all legal, physical, and technical controls involved in an organization’s information risk management process. The framework helps organizations to systematically assess risks and to put policies and procedures in place to manage those risks. The framework, which consists of numerous guidelines, helps organizations to keep customer data safe.
And that is why we choose not to be ISO 27001 certified: This certification would not prove we build safe products, it would only state we follow certain guidelines. One could develop a concrete life jacket according to the safety guidelines. We can agree that a concrete life jacket would not be safe to swim with.
That is why we choose to be ISAE 3402 compliant instead: ISAE 3402 tests compliance with the guidelines. Our risk management and information security are tested to be 100% compliant with the current guidelines. That means we are actually approved and you can be assured that your data and information are safe within Indeqa.
The annual report provides insight into how we deal with risk management and information security. With this audit, we also demonstrate that we comply with the established security guidelines.
The report provides our user’s auditor with relevant information under Standard 402 “Considerations when using a service organization” - in relation to the annual financial statement audit.
We provide our users with maximum technical and process protection with Indeqa. The reports are available for inspection upon request and we will gladly take the time to read them with you.
ISAE 3402 compliance is of course not literally visible within the product. Indeqa operates within your existing Microsoft 365 environment. One of the most important qualities of our product is that it encompasses the safety principles of your own Microsoft environment. Indeqa copies your current safety settings, such as two-step verification and single sign-on. This way, you maintain your current (and self-selected) safety settings.
Board meeting documents are always safely stored on the user’s Microsoft environment and will never be copied or saved on external servers elsewhere. This way, you keep in control of all your business-sensitive documents.
To log in on Indeqa, you use your current Office 365 account and the associated email address. Indeqa doesn’t require an extra account or password. The rights of users can easily be managed from your SharePoint environment.