Our compliance certifications

Anyone who uses the cloud or SaaS (Software as a Service) services cannot avoid thinking carefully about the security of data that is stored or processed in the cloud. Information security certifications are an important indicator of well-regulated information security. In general, it can be said that your data is safe with cloud suppliers with a certification. Certifications are only awarded if organizations work according to strict procedures and thus demonstrably have the working method in order.

We as Exact have multiple certifications and third-party attestations like ISO27001 & ISAE3402


ISO27001 is an ISO standard for information security. This International Standard applies to all types of organizations (for example, commercial enterprises, government agencies, non-profit organizations). The standard specifies requirements for establishing, implementing, executing, monitoring, assessing, maintaining, and improving a documented Information Security Management System (ISMS) in the context of the general business risks to the organization. The standard specifies requirements for the implementation of security measures that are adapted to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the choice of adequate and proportionate security measures that protect the information and provide confidence to stakeholders.

Exact products have ISO27001 certifications for various parts. For the design, implementation, and maintenance of data center hosting services in the Netherlands, AWS and Azure, including the technical management for the applications and management services that for example Accountancy Gemak offers in these environments.

Certificate and associated statement of applicability of Cloud services (Containing a.o. Accountancy Gemak), can be downloaded via the links below

Exact Cloud Services – previously known as Parentix also has a ISO27001 certification. It can be requested via the normal customer success channels or please enter this form with all relevant details.


The ISAE3402 is an international standard. In an ISAE3402 report, the management of the service organization issues a formal statement (a so-called 'management assertion') for its responsibility for the control measures contained in this statement.

The ISAE3402 standard has two types of reports:

  • Type I: For the design and existence of management measures.
  • Type II: In addition to the design and existence, the effective operation of the management measures for a certain period has also been demonstrated.

Exact products and services have several ISAE3402 reports. The reporting and description of testing of controls are available only to existing customers or to auditors of existing customers. These reports (including those for other Exact products) are not free to download but are only sent on request. You can do this through your account manager or through support.

The following ISAE3402 reports are available:

  • ISAE3402 – Cloud services, including Salary Cloud, for Dutch data centers and Azure.
  • ISAE3402 – Parentix
  • ISAE3402 – Exact Online
  • ISAE3402 – MM Exact
  • ISAE3402 – P2P
  • ISAE3402 – EPS

Questions regarding the availability of ISO and/or ISAE can be shared via the customer success channel.

EN Select your country