The fact that we have both standards doesn’t necessarily mean that our customers are GDPR compliant, but it does get them much closer. After all, the first step for customers to take to comply with the regulations, is to make sure that their IT data is stored securely. Since LCL has both standards, our customers know exactly where they stand. It makes it much easier to assess risk management.
The audit for both assurance reports was conducted by Deloitte. Unlike for an ISO certification, there are no specific criteria for the ISAE with which a company must comply. Therefore, three aspects were chosen: access to the data center (fencing, video surveillance, door), incidents and the reporting thereof, and maintenance (of the fence, the generators, the UPS, etc.). The audit lists the measures which were implemented in practice to manage risks and secure information.