Oftentimes, companies that want to outsource their data center to LCL look for assurance regarding information security. One of the ways we prove our quality measures, is by bringing in the experts from Deloitte for yearly ISAE 3402 type 2 reporting. We are proud to announce that the audit was a success and that the results are in line with the previous year.
Internationally recognized certification
ISAE 3402 is an international service organisation assurance standard and is assessed by independent and certified auditors. It does not only demonstrate current quality measures, but also tests its effectiveness for an extended period.
It proves that a data center has sufficient internal controls for things such as risk management, access to the data center, incident management, maintenance of the perimeter and generators, among other things. The audit is always done from a financial reporting perspective. ISAE 3402 is an internationally recognized certification and helps customers make better decisions. It consists of a type 1 and type 2 report.
ISAE 3402 type 1
An ISAE 3402 type 1 report relates to one specific date and therefore does not show whether measures have also worked well during a certain period.
ISAE 3402 type 2
LCL brought in the experts from Deloitte for ISAE 3402 type 2. This report includes a statement of the auditor that describes that the control measures have worked effectively for a period of 12 months. A consequence of this is that the audit is much more extensive than a type 1 audit. This report proves that you can count on secure and properly maintained infrastructure at LCL.
Physical and environmental security
The focus for this audit by Deloitte was two areas: physical security and environmental security within LCL. LCL brought in 18 points to be examined.
Examples of physical security aspects: working in secure areas, physical access controls, physical access policies, and logging settings. Some of the testing was done through corroborative inquiry about whether policies or procedures for working in secure areas are available. Performed in each computer facility and on-site visit, and ensuring sensitive or critical information is protected, was also included. As for the environmental security, operating tests were executed regarding measures such as fire extinguishers, power failure and equipment protection.
The audit was conducted in LCL’s data center locations in Brussels-North, Brussels-West, Brussels-South and Antwerp. LCL Wallonia One will be included in the scope next year. The ISAE 3402 type 2 report is experct for mid-February 2022.
Want to know more about LCL’s certificates? Check our certificates and sustainability strategy.