/Employees/MLA.jpg)
Mikkel Jon Larssen
Partner, Lead of Risk Assurance
As a service provider or data processor, it is necessary to document to customers or authorities that the implemented information security regarding the delivered services is adequate and reassuring and in accordance with the customer contract or applicable legislation.
We possess deep professional competencies across all technical platforms and security standards, as well as in-depth industry knowledge of both the private and public sectors, including municipalities, regions, other actors, and educational institutions. A statement prepared by BDO focuses on the level of information security, and during the audit, we will communicate any observations and provide suggestions on how the level of information security can be enhanced or made more efficient.
We issue the statement in accordance with one of the international standards for statements, depending on the aspects it needs to cover. The purpose and scope of the statement are determined in accordance with the agreed terms on information security in the customer agreement or according to legal provisions. Information security standards – for example, ISO 27001 and ISO 27002 – often form the basis for managing information security, which is implemented in policies with associated control objectives and control activities for the statement.
In addition to documenting information security to existing customers, an independent auditor statement sends a clear signal about the service provider’s or data processor’s quality and professional approach to information security. In this way, the statement is a natural sales parameter and can be of significant importance in negotiating and entering into customer agreements.