An audit of the type ISAE 3402 documents proper IT conditions at a company and serves as proof that the company complies with legal requirements and good IT practice.
Some companies get an ISAE 3402 made due to requirements from customers and partners; others get them to send a signal of credibility and security to existing and potential customers. Often there is simply a legal requirement that within certain industries or services you must have an auditor's statement, or that you must use a supplier who has an auditor's statement.
The statement relates to all business processes around IT functions that are part of or may affect the financial reporting: Development, operation, emergency preparedness, documentation, etc. It also relates to the completely impractical, such as the physical conditions, such as how servers / data centers are located.
Addo Sign and twoday A/S, under which we operate, have therefore had an ISAE 3402 report prepared so that our customers can see that we comply with the given legislation and IT practices.