Specialty Reporting

  • CSAE 3416
  • CSAE 5025
  • NI 52-109 & SOX

CSAE 3416/5025

Leading service providers often supply their clients and prospects with a Service Auditor’s Report on the effectiveness of policies, processes and procedures in place within their operations.
Conducted by an independent auditor, a Service Auditor’s Report examining the controls your business has in place, demonstrates your commitment to operational excellence.
The Service Auditor’s Report is issued under Canadian standards in accordance with CSAE 3416 and 5025, under American standards in accordance with SSAE 16 (SOC 1, SOC 2, SOC 3), and under international standards in accordance with ISAE 3402.
Fernhill professionals have worked with clients in complex environments throughout the world. Our team of technical and operational experts has audited service providers in virtually every industry, in many cases contributing additional value through solutions that maximize their operations. With decades of experience, we take a proactive hands-on approach, and senior team members are actively involved with every engagement.


PCI DSS-Qualified Security Assessors (QSA) Audit, PCI DSS Remediation Support, PCI DSS Readiness Review. We use a technical framework to develop a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents through the following services:

Pre-compliance/gap analysis

  • On site review and gap-analysis

Network vulnerability scans

  • Identify and prioritize network vulnerabilities

Penetration testing

  • Penetration test services

Onsite assessments

  • PCI DSS Compliance for Level 1 and 2 merchants


  • Assistance with information security policies and procedures
  • Secure network architecture design
  • Gap analysis
  • Remediation guidance

Remediation services

  • Ensure all deviations from the PCI DSS requirements are either remediated or compensating controls are used in mitigating the risk