Yes and no. ISAE 3000 is the standard for non-financial information, a report on security is non-financial information. If an auditor provides assurance with a report consisting security, ISAE3000 should be applied.
No, ISAE 3000 is the standard for assurance over non-financial information, ISAE 3402 is the standard for reports from service providers (outsourcing), this is part of non-financial information.
ISAE 3000 is the standard for assurance over non-financial information, ISAE 3402 is the standard for reports from service providers (outsourcing), this is part of non-financial information.
No, not necessary if your client request that you should be ISAE 3000 certified only, a ISAE 3000 might suffice. IF your ISAE 3000 is used by an external auditor (user auditor), a ISAE 3000 might be more appropriate for the auditor to use the report for his audit.
ISAE 3000 can help you better structuring procedures and organizing your security measures. An independent auditor will analyse your security procedures and provide feedback on their existence (type I) or operational effectiveness (type II).