For the past six months, we at Compent have been working intensively on our ISAE 3000 process together with the audit firm inforevision. It has required structure, focus, and discipline within our internal processes, but we have reached the finish line: We have just completed our ISAE 3000 (Type 1) assurance report.
Why have we spent the last six months letting an external auditor look so closely at our operations?
Because we see a clear and necessary trend in our day-to-day operations: We build, integrate, and take over the operation of more and more complex systems for our clients, where data security and compliance mean more than ever. Amidst all the visions of new technologies, smart features, and advanced solutions, there is one foundation that must never be compromised by empty promises or unpredictable quick fixes: The security surrounding the data we handle.
Let's be completely honest. An audit report rarely clears the front pages, and very few people read through its many pages as bedtime literature. But to us, this assurance report is one of the most important and valuable documents we have held in our hands for a long time.
Promises are free. Proof is something else.
This is not something we have simply assessed ourselves. It is the independent conclusion of the auditor as of May 26, 2026.
What It Actually Means — and Why It Matters to You
When Compent develops, integrates, or maintains digital solutions for you, we act as the data processor, and you are the data controller. In a time where you as clients have more and more systems to manage, this is a real division of responsibility that you must be able to document to the Data Protection Authority, auditors, and business partners.
With our ISAE 3000 report in hand, you get:
-
Independent proof: You don't just have our word for it that we handle data correctly, but the word of an independent auditor.
-
Directly applicable documentation: The report can be used directly in your own compliance documentation and risk assessment. Therefore, you don't have to waste internal resources on conducting in-depth and time-consuming audits of us yourselves.
-
Peace of mind: If something goes wrong with a vendor, "we trusted them" is not a sufficient answer. Now you have it in black and white that you have carried out your due diligence on a foundation where data security weighs heaviest.
Privacy by Design: Security Is a Craft, Not a Checklist
We believe that IT security must be thought into the very first line of code. It is not something you paste on at the last minute on a Friday afternoon just to please an auditor. It is an integrated part of our culture.
The responsibility for information security is anchored right at the top with our CEO, Jeppe, and our CTO, Vadym. This means that our primary security principles of Zero Trust and OWASP Top 10 permeate everything we do:
-
No playing with real data: All personal data is consistently anonymized or pseudonymized when we develop and troubleshoot in our test and staging environments.
-
Robots for the monotonous tasks: When we deploy software, it is done mechanically via an automated CI (Continuous Integration) pipeline. This minimizes human error and ensures a completely uniform process.
-
Tight control: Access to our internal systems is managed centrally via Microsoft Entra ID, protected with MFA(multi-factor authentication), and constantly monitored against attacks.
-
Clear boundaries: We always clarify that we are not a hosting or storage provider for solutions containing sensitive personal data. Our clients' data is stored on servers within the EU managed by themselves or a third party — our job is strictly limited to the precise, technical access required for troubleshooting and service to ensure stable operations.
Business in the Driving Seat
Technology must always serve the business and turn needs into stable, scalable systems — not the other way around. Today, more than ever, businesses need a solid, structured, and secure data foundation to navigate safely.
With the ISAE 3000 report in hand, we now have it in black and white that Compent is the secure and professional foundation our clients can build their digital future upon.
If you would like to receive the report for your own compliance work, or just want to hear more about how we integrate security into our daily work, you are always welcome to reach out to us.