Our compliance certifications

Anyone who uses cloud or SaaS (Software as a Service) services cannot avoid thinking carefully about the security of data that is stored or processed in the cloud. Information security certifications are an important indicator of well-regulated information security. In general, it can be said that your data is safe with cloud suppliers that hold a certification. Certifications are only awarded if organizations work according to strict procedures and can thus demonstrate that their working methods are in order.

In this section you can find the certifications and third-party attestations our products have.

ISAE3402

The ISAE3402 is an international standard. The ISAE3402 report provides assurance on the controls at service organizations, particularly those relevant to financial reporting.

The ISAE3402 standard has two types of reports:

  • Type I: This report includes an opinion of the external auditor on the design and implementation of management measures.
  • Type II: In addition to the design and implementation, this report includes an opinion of the external auditor on the operational effectiveness of the service organization’s control over a period of time.

Exact has ISAE 3402 reports for the following services:

  • ISAE3402 – Exact SaaS products, including Exact Online, Exact Proquro, Exact Boekhoud Gemak/Multivers and HR & Salaris Gemak
  • ISAE3402 – Exact Cloud Services
  • ISAE3402 – Exact Payments Services

These reports are only available to existing customers or to auditors of existing customers. You can request a copy of these ISAE 3402 reports via the Support Portal.

Exact’s integrated control framework (ICF) is the basis of the ISAE 3402 reports. Exact developed and implemented this ICF tailored to our unique environment. The ICF is based on the ISO27001 standard for Information Security Management Systems and is also mapped against regulations like NIS2 and DORA (Digital Operational Resilience Act) to ensure comprehensive coverage of controls. The ICF allows us to conduct a single test and ensure compliance across multiple areas.

For a detailed overview of the ICF and how this maps to the ISO27001 standard and DORA requirements, please see the attached document:

ISO27001

As explained in the above paragraph, Exact’s Integrated Control Framework is based on the ISO27001 standard for information security. The standard specifies requirements for establishing, implementing, executing, monitoring, assessing, maintaining, and improving a documented Information Security Management System (ISMS) in the context of the general business risks to the organization. The ISMS is designed to ensure the choice of adequate and proportionate security measures that protect the information and provide confidence to stakeholders.

Currently there are two ISO27001 certificates available at Exact. They relate to the following two products:

ISO9001

ISO9001 is a globally recognized standard for quality management that helps organizations of all sizes and sectors to improve their performance, meet customer expectations, and demonstrate their commitment to quality.

Exact Customer Success Delivery has been certified as ISO9001 compliant after undergoing an audit by an independent third party. This certification demonstrates Exact’s commitment to delivering high-quality customer support and meeting the needs of customers and applicable statutory and regulatory requirements.

The certificate can be downloaded via the link below:
