Third Party Assurance

How safe is my data with you? That is a question you are asked more and more often. Transparency as to how you handle data and information is extremely important. Your customers will want to know what measures you have taken and according to which standards you work. And which IT guidelines do you need to comply with? Mazars' specialists will be able to advise you on this and provide you with assurance reports or certification.

Third-Party Assurance surveys

A Third-Party Assurance survey provides an insight into the effectiveness of your internal control measures. Yet the specialists of Mazars look further. They also examine your ‘IT reality’: this concerns the technical aspects of your system. Only this way you can be sure that your systems are safe and that you handle your customers' data safely.

  • ISAE 3402 provides assurance on the financial processes you have outsourced. Public distribution of the reports is not permitted.
  • SOC 2: in addition to assurance on financial processes, SOC 2 also provides security on other processes that have been outsourced. With regard to this type of survey too, public distribution of the findings is not permitted.
  • SOC 3: an SOC 3 survey provides you with assurance on your web applications and is characterised by a wide target audience for distribution.
  • Third-Party Memorandum (TPM) 3000: like SOC 2, this type of survey can be applied to various processes. In addition, this type offers you the option of public distribution of the reports.
  • Assurance report on information security: if you use IT services of an IT provider, you want to know how safe your data is when handled. In that case, a survey into information security is vital.
  • Privacy compliance: your customers must be able to trust your systems and applications. Do you comply with the guidelines? The specialists of Mazars check your systems and applications against the guidelines. Do you want to qualify for a ‘Privacy Audit Proof’ quality mark? This too is examined by our specialists. This means your customers can continue to put their trust in your organisation.
  • DigiD assessment: every organisation with a DigiD connection must check whether the guidelines are complied with, each year. If you fail to comply with the Logius guidelines, your web applications run the risk of being disconnected. In addition to an assessment, we can assist you with vulnerability scans and penetration tests. This way you can be sure that your systems are working safely and that you handle your data safely.


The correct survey, assessment or analysis for your organisation depends on your obligations and your customers' wishes. The specialists of Mazars will conduct the right survey, assessment or analysis for you. Not only will they be looking at procedures, but also to actual practice (reality): how has the system been set up, how is the system used and what dangers does this involve. This way you can meet and exceed the questions and expectations of your customers.