SOC 2, SOC 1 & ISAE 3402 Assurance Services
As organisations increasingly rely on outsourced services, technology platforms and data processing, the need for credible, independent assurance has never been greater. Customers, auditors and regulators expect clear evidence that your controls are robust, secure and operating effectively.
At Henderson Loggie, our Internal Audit team provides independent third-party assurance across SOC 1, SOC 2 and ISAE 3402. Our approach is pragmatic, efficient and designed to help you meet client requirements while strengthening your overall control environment.
When do you need third-party assurance?
Organisations typically require SOC or ISAE 3402 reporting when they:
- Are being asked for assurance during client onboarding or procurement
- Need to meet customer due diligence or vendor risk requirements
- Provide services that impact customer financial reporting
- Are scaling as a SaaS, fintech or data-driven business
- Want to reduce repeated audit requests and questionnaires
Third-party assurance demonstrates credibility and helps remove barriers to growth.
Our third-party assurance services
SOC 2 Type 1 reporting
Independent assessment of the design and implementation of your controls at a point in time, helping you demonstrate a credible control environment to customers.
SOC 2 Type 2 reporting
Ongoing assurance over the effectiveness of your controls over a defined period, providing stronger evidence for customers and procurement teams.
SOC 1 / ISAE 3402 Type 1 reporting
Point-in-time assurance over controls relevant to financial reporting, supporting external auditors and client finance teams.
SOC 1 / ISAE 3402 Type 2 reporting
Independent confirmation that financial and IT controls are operating effectively over time and can be relied upon for audit purposes.
Readiness assessments and gap analysis
Identification of control gaps and practical recommendations to prepare your organisation for a successful SOC or ISAE 3402 engagement.
Ongoing control testing and support
Regular testing of controls and ongoing advisory support to maintain compliance and prepare for annual reporting cycles.
SOC 2 – assurance over systems, data and security
SOC 2 reporting focuses on how you protect and manage data across your systems.
It is particularly relevant for technology, SaaS, fintech and data-led businesses and is commonly used during customer due diligence.
SOC 2 reports assess controls against the Trust Services Criteria, including:
- Security
- Availability
- Confidentiality
- Processing integrity
- Privacy
A SOC 2 report helps answer a critical question for your customers:
“Can we trust your systems and how you protect our data?”
ISAE 3402 and SOC 1 – assurance over financial controls
ISAE 3402 and SOC 1 reporting focuses on controls that are relevant to your clients’ financial reporting.
It is typically required where you deliver transaction processing, accounting or financial services on behalf of clients.
These reports provide assurance over areas such as:
- Financial processing and reconciliations
- Payments and pricing controls
- User access and segregation of duties
- IT general controls over financial systems
They allow external auditors to place reliance on your controls as part of their audit process.
Our experience
We have significant experience delivering third-party assurance for complex and regulated environments.
For example, we act as independent service auditor for the UK business of a major international property management organisation, providing:
- Annual ISAE 3402 Type II reports
- Quarterly control testing across financial and IT general controls
- Support across UK and offshore operations
We have supported this engagement for over four years and have been re-appointed on a multi-year basis, reflecting the strength of our delivery and client relationships.
Why choose Henderson Loggie?
- Proven experience across SOC 2, SOC 1 and ISAE 3402
- Technology and IT control expertise alongside financial assurance
- Pragmatic, commercial approach focused on your business needs
- Efficient delivery with minimal disruption to your teams
- Credible, independent reporting trusted by auditors and customers
We work closely with your finance, IT and operational teams to deliver a smooth and effective assurance process.
Speak to our team
Whether you are preparing for your first SOC 2 report or delivering an established ISAE 3402 Type II programme, we can support you. Indeed, we can help you at every stage.
Get in touch to discuss how SOC 2, SOC 1 or ISAE 3402 reporting can support your organisation’s growth. Furthermore, it can help your risk strategy.
