After completing this session, you will be able to: • Be aware of what assurance a certification 27001 can give you as a customer and recognise the traps when evaluating a provider’s certification. • Recognise what assurance an ISAE3402 can give you as a customer and the traps when evaluating a provider’s assurance ISAE 3402 report and what do you need to require to be able to get assurance. • Know the difference between ISAE3402/SOC1 and Soc2 and which report should be used for which situation and what to require from the different reports. • Evaluate an assurance report and evaluate whether there are any main weaknesses at the provider, if it is relevant and if it is sufficient for relying on the report solely. • Know the new cloud security requirements in the new General Data Privacy Regulations. • Comprehend contractual requirements you can apply such as exit and verify period criteria.