IT Attestation

IT Attestation

Assurance reports are now issued under ISAE 3402 “Assurance Reports on Controls at a Service Organization”

Assurance reports are now issued under ISAE 3402 “Assurance Reports on Controls at a Se...


Global outsourcing is set to increase manifold in the coming years. The business environment is changing at a rapid pace. New technologies are being adopted, new delivery models are being tried out, regulatory requirements are constantly changing and cyber risk has emerged as a real threat to businesses. In this complex environment, organisations are looking at a means for establishing a trusted environment for doing business. It is in this context that third party reporting frameworks such as Service Organization Control (SOC 1, SOC 2 and SOC 3), Statement on Standards for Attestation Engagements (SSAE16), International Standard on Assurance Engagements (ISAE3402) reporting have gained widespread acceptance. 

KPMG in India is a leader in the provision of IT Attestation services and is working with a lot of leading organisations to help establish this trusted environment for doing business. Our services include:

  • SOC 1 (ISAE3402 / SSAE16): Assurance on controls relevant to the customers’ internal control over financial reporting (SOC 1 - ISAE3402/SSAE16)
  • SOC 2 & SOC 3 (ISAE3000): Assurance on controls over security, availability, processing integrity, confidentiality and privacy of customer information handled by service organisations based on the Trust Services Principles and Criteria (SOC 2 and SOC 3 - ISAE3000)
  • Agreed upon procedures (AUP): Assistance in performing specific procedures, and providing the results in the form of a report.
  • We provide services in this area, starting from a readiness assessment to conducting the final audit and issuance of the report. It is our endeavour to provide actionable insights to help organisations enhance their internal controls environment, reduce business operation interruptions resulting from multiple audits, and help organisations provide transparent controls-related information to customers and other stakeholders.

Our differentiators:

  • Significant experience in Service Organisation Controls Reporting (SOCR)
  • Strong credentials in managing complex engagements
  • Proprietary controls repository for various industries and processes
  • Teams with international experience
  • Accredited SOCR subject matter experts with a global mind-set
  • Enhanced tools and standardised methodologies enable us to deliver services efficiently.

Connect with us


Request for proposal