Penta has once again successfully passed the ISAE 3402 type 2 and FINMA reviews, carried out by independent auditors from EY (Ernst & Young). The audits allow Penta’s private cloud services to be used in sensitive sectors such as banking and finance and prove that the company meets stringent regulatory requirements for service providers.
Independent in-depth audit
The International Standard on Assurance Engagements (ISAE) 3402 is the international assurance standard which attests that a service organization has undergone an independent in-depth audit of their internal controls in accordance with the standards issued by the International Auditing and Assurance Standards Board (IAASB).
Penta started the auditing process in 2009 with SAS70 and upgraded to the international ISAE 3402 standard to demonstrate its commitment to the highest standards of operational excellence and regulatory compliance. The recent audit covered the period between 1 July 2015 and June 2016 and referred to seventeen key aspects of the company’s operations, such as data protection, environmental controls and service level agreements.
Compliance with FINMA regulations
In addition, EY also confirmed that Penta meets the Swiss Financial Market Supervisory Authority’s (FINMA) requirements for outsourcing. It means that Penta’s operations and infrastructure meet some of the stringent IT standards required for banks, securities dealers and larger financial groups in Switzerland.
Commenting on the announcement, Farhad Khalilnia, Penta CEO said:
“Penta’s strategy is to further specialize in regulated industries that require high standards in auditing, business continuity and security. This achievement demonstrates our commitment to stringent security and controls for the seventh year running. I am confident that both ISAE 3402 and FINMA-conformity attestations will provide significant service assurance to our existing and potential customers, not only from sensitive sectors such as banking and finance.”
Annual independent audits provide both Penta and its clients with quantifiable proof that the entire internal control system is effective and secure and that it is monitored and improved on a continuous basis, even after the conclusion of the audit.