CRISAM ISAE 3402 Knowledge Pack

This CRISAM® Knowledge Pack supports you in achieving compliance with ISAE 3402. The CRISAM® ISAE 3402 Knowledge Pack replaces the CRISAM® extension SAS70 and focuses on the evaluation of the current IT setup according to ISAE 3402 (COBIT) standards. An additional manual evaluation is not necessary: the existing evaluation by CRISAM® ISMS Knowledge Pack is sufficient. The integrated reports of CRISAM® Explorer serve to display the ISAE 3402 compliance as usual – in a clear and concise manner.

Key features and benefits

  • Provides assignment of all control objectives, which are part of the risk model, with regard to the ISAE 3402 relevant process framework COBIT.
  • Provides all relevant information for defining and pooling company-specific ISAE 3402 controls.
  • As a result, best possible support for gaining and regaining ISAE 3402 certification.
  • The integrated mapping allows an immediate evaluation of CRISAM® ISMS control objectives according to COBIT – an additional evaluation is not required.
  • Available in German and English.

Combined expertise

When IT services are provided by a third party and thus, financial reports are impacted, the company has to make sure that the external service providers have established appropriate modified control processes. So far these controls were checked against the American standard SAS 70, which now has been replaced by the international standard 3402.

Figure 1: Shows the included ISAE 3402 compliance report


Based on the CRISAM® risk tree, the ISAE 3402 Knowledge Pack report provides assignment of all included components with regard to the ISAE 3402 relevant process framework COBIT. This results in the following chapter structure: plan and organise (PO), acquire and implement (AI), deliver and support (DS) and monitor and evaluate (ME).

Figure 2: Spider chart in ISAE 3402 compliance report (deliver and support)

System requirements

CRISAM® Explorer
CRISAM® ISMS Knowledge Pack