Cybersecurity

Our ISAE3402 declaration and building a
full-circle approach to security

April 2023

We are thrilled to announce that Secomea has obtained the ISAE3402 declaration, marking a significant milestone in our commitment to providing the highest level of security for our customers.

The ISAE3402 declaration is a testament to our dedication to security and our ability to provide a safe and reliable service. It ensures that our security capabilities are fully documented and that we comply with international information security standards.

You can learn more about our approach to cybersecurity here.

What is ISAE3402 declaration?

The ISAE3402 declaration is an international standard for assurance reporting on controls at service organizations. The report is a comprehensive document that describes the controls in place at organizations, including policies, procedures, and safeguards, and provides an assessment of their effectiveness.

The ISAE3402 process involves a rigorous evaluation by a third-party auditor who assesses the controls in place and provides an opinion on their validity.

So, what does this mean for Secomea customers?

With this control report, Secomea has now achieved full-circle documentation of our security capabilities, particularly with our recent annual audit for IEC62443-4-2:

Before going to market/placing on the market 

Product Security:

• IEC62443-4-1 Certified for Process Maturity (lifecycle requirements for systems creation, implementation, and maintenance)
• IEC62443-4-2 and IEC62443-3-3 audited for Product Security

During maintenance/servicing product 

Organizational security measures:

• ISAE3402 Audit declaration from independent third party, controls from ISO27002

After delivery and throughout the lifetime 

Official CVE Numbering Authority (CNA):

• Cyber Advisory procedure for vulnerability handling
• Intake mechanism for external parties to report vulnerability

This level of transparency allows our customers to make informed decisions about their own security practices, including their supplier evaluation process. It also means that our customers can rest assured that we have met the highest information security standards, providing them with a robust and secure service.

The NIS2 directive is relevant to the majority of Secomea’s customers, as they must evaluate their suppliers based on the overall quality of products and cybersecurity practices of their suppliers and service providers, including secure development procedures. With the ISAE3402 declaration, we are now able to demonstrate to our customers that we meet the industry security standards and provide the assurance they need to meet NIS2 compliance.

Security and compliance…

Security is paramount at Secomea, and we’re committed to doing all we can to ensure our customers remain protected in the ever-evolving threat landscape. The documented security capabilities provided by these third party audits are essential to both IT and OT environments, ensuring comprehensive security processes that addresses both domains.

In IT environments, our customers rely on us to provide secure remote access solutions that allow them to connect to their assets without compromising security. This is especially important in the current climate where remote work is becoming more prevalent, and the attack surface is expanding. Our ISAE3402 declaration demonstrates that Secomea has implemented strong policies, procedures, and controls to ensure that our remote access solutions are secure and reliable.

In OT environments, our customers require secure remote access solutions that allow them to manage their industrial control systems (ICS) without compromising safety. This is crucial, as any unauthorized access to these systems could have catastrophic consequences. Our IEC62443-4-1 certification demonstrates that we have implemented strong security measures to protect our customers’ ICS networks and ensure that their critical infrastructure remains safe and secure.

In summary, Secomea’s documented security capabilities are necessary to both IT and OT environments, and our recent declarations provide customers with the assurance they need to trust our services. We will continue to invest in security and work closely with customers to ensure that their security needs are met both now and in the future.

If you have any questions or would like to understand more about our processes, please do not hesitate to reach out.