GDPR art. 28 describes that a data controller (our customers) shall use only data processors (Visma) that give sufficient guarantees towards GDPR and the protection of the rights of the data subjects. An ISAE 3000 audit assurance report is the best guarantee that can be given within the choice of audit reports and ISO certificates.
What is ISAE, and what does this mean for Visma EasyCruit?
ISAE stands for International Standard on Assurance Engagements and is the assurance standard for compliance, sustainability and outsourcing audits. This ISAE 3000 audit covers GDPR in particular.
For Visma EasyCruit, the process for receiving the type I report meant undergoing a true test in the quality and rightfulness of our privacy process and our product. Consequently, all of our data processing documentation was examined by an independent auditor (Ernst & Young).
Why is this report important to us?
The report covers Visma’s role as data processor and will give you a good understanding of how Visma is working systematically with data protection through organisation, processes and risk management. The necessary security measures taken, in order to protect your personal data using Visma EasyCruit, are described in detail. All these areas are tested by Ernst & Young and the results of the tests are available in the report.
We have policies and procedures in place to ensure we can comply with our obligations related to data processing. These include dealing with data subjects’ requests, managing and informing the clients in the event of a personal data breach, and ensuring our employees are regularly trained when it comes to personal data processing.
The report is available for Visma EasyCruit clients and their auditors. To get access to the full ISAE 3000 type I report, please contact your Visma EasyCruit Customer Success Manager.