It supersedes SAS 70. and puts more emphasis on procedures for the ongoing monitoring and evaluation of controls.
[2] An ISAE 3402 attestation including an audit report is regarded as a quality criterion for service providers that distinguishes them from competitors.
[3] It also pays for a customer to contract with a service provider that holds an ISAE 3402 attestation: the auditor of the customer can rely on the attestation of the service organization, resulting in a reduced necessary audit budget.
It is also known as "Internal Control Framework over Financial Reporting" (ICFR)[citation needed].
In order to be able to read and understand an ISAE 3402 report, some core terms are essential: