Certifications: ISO + ISAE3402

Version January 2022

Anyone who uses the cloud or SaaS services cannot avoid thinking carefully about the security of data that is stored or processed in the cloud. Information security certifications are an important indicator of well-regulated information security. In general, it can be said that your data is safe with cloud suppliers with a certification. Certifications are only awarded if organizations work according to strict procedures and thus demonstrably have the working method in order. We as Exact have multiple certifications and third party attestations like ISAE3402.


ISO27001 is an ISO standard for information security. This International Standard applies to all types of organizations (for example, commercial enterprises, government agencies, non-profit organizations). The standard specifies requirements for establishing, implementing, executing, monitoring, assessing, maintaining and improving a documented Information Security Management System (ISMS) in the context of the general business risks to the organization. The standard specifies requirements for the implementation of security measures that are adapted to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the choice of adequate and proportionate security measures that protect the information and provide confidence to stakeholders. 

Exact products have ISO27001 certifications for various parts. For the design, implementation and maintenance of data center hosting services in the Netherlands, AWS and Azure, including the technical management for the applications and management services that for example Accountancy Gemak offers in these environments.

Certificate and associated statement of applicability of Accountancy Gemak can be downloaded via the links below.

Exact Cloud Services – previously known as Parentix also has a ISO27001 certification. It can be requested via the normal customer success channels or please enter this form with all relevant details.


The ISAE3402 is an international standard. In an ISAE3402 report, the management of the service organization issues a formal statement (a so-called 'management assertion') for its responsibility for the control measures contained in this statement.

The ISAE3402 standard has two types of reports:

  • Type I: For the design and existence of management measures.
  • Type II: In addition to the design and existence, the effective operation of the management measures for a certain period has also been demonstrated.

Exact products and services have several ISAE3402 reports. The reporting and description of testing of controls are available only to existing customers or to auditors of existing customers. These reports (including those for other Exact products) are not free to download, but are only sent on request. You can do this through your account manager or through support.

The following ISAE3402 reports are available:

  • ISAE3402 – Cloud services, including Salary Cloud, for Dutch data centers and Azure
  • ISAE3402 – Managed Payroll Service
  • ISAE3402 – Parentix
  • ISAE3402 – Exact Online
  • ISAE3402 – MM Exact
  • ISAE3402 – ProQuro
  • ISAE3402 – Exact MKB
  • ISAE3402 – Exact Salaris Plus
For other products and services for which a ISAE3402 is available, this can be requested via the customer success channel.
EN Select your country