What is an outsourced Middle Office with an ISAE 3402 statement?

A number of professional customers have outsourced their Middle Office function to Assure. These include insurance companies, asset managers, family offices and foundations.

In some customer relationships, we have direct access to the company's own portfolio management system, and for some customers we do consolidated reporting via Assure's own system solution.

Of course, it is of paramount importance to our customers that their Middle Office service provider meets the highest standards in IT security and IT processes.

Of course we do at Assure.

That's according to our ISAE 3402 statement prepared by Grant Thornton's chartered accountants, experts in IT auditing.

Assure has a type 2 declaration. A company can achieve this when it can prove to the IT audit that it complies with the defined security standards and business procedures and has done so over a longer period of time, typically one year.

Outsourced Middle Office and consolidated reporting with ISAE 3402 statement

The statement is a benefit for our customers. Their audit house can base their audit on the statement and therefore don't have to deal with all of Assure's processes and controls. This makes that part of the audit easier.

With the ISAE 3402 declaration, our customers have proof that with Assure as their outsourcing partner and reporting service provider, they meet the applicable auditing standard in the IT security area.

The statement is a verification of Assure's standards, quality and continuity of processes in wealth reporting.

The ISAE 3402 declaration formalizes and standardizes Assure's workflows. This benefits all our customers. This includes private wealth owners, foundations, utilities, insurance companies, investment advisors, asset managers and family offices.

In several areas, the IT processes we have been following for several years have now been verified and formalised in the context of the ISAE 3402 declaration.

Here are four examples of what the ISAE 3402 statement documents:

Risk assessment

At Assure, we continuously take an active stance on identified risks associated with our business and take necessary actions to manage existing or newly identified risks. This is done to increase the security of our services and solutions and to ensure stable production.

It-drift

Assure organizes daily operations and production using well-defined operating procedures and a contingency plan ensures that operations can continue despite incidents that could otherwise result in downtime.

IT development

Assure's considers IT security standards from the start when developing new solutions. This includes new reporting solutions that give our customers a complete overview of their assets and apps that give our customers a basis for comparison of investment products.

Assure practices the four eyes principle. This means that a minimum of two employees check all deliveries to our customers. This ensures that the customer is guaranteed high quality and correctness in the service.

Supplier relations

Our sharp focus on IT infrastructure also means stringent requirements in our IT suppliers, which involve everything from hardware and access management to restore processes. This enables us to guarantee our customers a high level of IT security in their overall outsourcing set-up in the Middle Office area.

IT security in asset reporting

Based on the 3402 declaration, our customers have the guarantee that we live up to the IT security we promise.

Outsourced Middle Office services help clients with their own systems solution, and consolidated wealth reporting gives holders of large assets a single view of their wealth portfolio, whether they are wealthy families, foundations, utilities, companies or others with large assets invested through several different banks or asset managers.