3402 statement and ISO 27001
Answer: I'm assuming you are referring to ISAE 3402, an assurance standard. Considering that, you must first evaluate your needs regarding compliance with legal requirements (e.g., laws, regulations and contracts). If you need to comply with multiple legal requirements, then ISO 27001 has a more comprehensive approach (it requires you to identify, evaluate and treat all requirements that can impact your organization in terms of information security, while ISAE 3402 focuses on documenting that an organization has adequate internal controls, generally approached from a financial perspective).
These articles will provide you further explanation about how ISO 27001 can help comply with legal requirements:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- How ISO 27001 can help suppliers comply with U.S. DFARS 7012 https://advisera.com/27001academy/blog/2017/04/24/how-iso-27001-can-help-suppliers-comply-with-usa-dfars-7012/
- How can ISO 27001 help you comply with SOX section 404 https://advisera.com/27001academy/blog/2017/11/21/how-can-iso-27001-help-you-comply-with-sox-section-404/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 17, 2018