Requirements for additional certifications

Answer: The need for compliance with ISAE 3402, and with any other standard at all, when an organization already has ISO 27001 and it is compliant with EU GDPR (currently there are no available certification mechanisms pursuant to EU GDPR article 42 requirements - https://advisera.com/eugdpracademy/gdpr/certification/), may be required because of specific laws, contracts, agreements or other legal requirements demanding them.

Although ISO standards are world wide recognized, and EU GDPR is mandatory on EU territory, there may be situations in specific countries which require compliance with other standards. The positive thing is that ISO standards are comprehensive enough to help fulfil some of these requirements, minimizing the compliance costs and effort.