Build trust with GS 007 in 2024

Demonstrate your compliance with investment mandates and appropriate registry, administration and custody activities.


We work with more than 500 fast-growing companies across 20+ countries, ranging in size from 2 to 26,000+ employees.


Is this the year you

grow with GS 007?

The Guidance Statement 007 (GS 007) is an Australian reporting framework designed for financial services. 

It includes defined control objectives related to Investment Management, Fund Administration, Registry and Custody. It demonstrates appropriate handling of client investments.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with your clients globally. We provide complete audit services, with an agile approach that enables you to work at your own pace.

Ready to get started with GS 007?



Four Steps to a GS 007

left arrow right arrow
GS 007 Readiness Assessment

GS 007 Readiness Assessment

Integrating with many compliance platforms, we provide a tailored view of your controls and any gaps to help you prepare for your audit.

Remediation Support

Remediation Support

We guide you as you address any gaps and implement fit-for-purpose processes that align with your culture and the GS 007 reporting objectives. Our flexible and responsive team helps you work through it at your own pace.

GS 007 Type 1 Audit

GS 007 Type 1 Report

We conduct the Type 1 audit at your pace to help you minimise disruption and learn through the process. Our iterative reviews and feedback helps you stay on track and achieve real operational benefits for your company.

GS 007 Type 2 Audit

GS 007 Type 2 Report

We conduct the Type 2 audits either at your own pace within a defined timeline or incrementally throughout the year to minimise disruption and increase confidence in your compliance. 

Ready to get started on your compliance journey?


Clear reasons to act


International credibility

A globally recognised attestation
report to build trust at scale


Customer comfort and trust

A detailed report addressing crucial
customer due diligence questions


Minimal business disruption

Agile and flexible audits that help minimise the disruption while meeting client deadlines


Choice of goalposts

Optional control objectives to satisfy various technology and financial objectives


Multi-standard compliance

A strong starting point in meeting multiple related frameworks, standards and certifications


Recognition of partial progress

The ability to achieve a GS 007 report
with known process improvements


Your questions answered

What is GS 007 Reporting?

The Guidance Statement 007 (GS 007) is an Australian reporting framework designed for financial services. It includes defined control objectives related to Investment Management, Fund Administration, Registry and Custody, that you can optionally include in a report to build trust with your customers. These cover the ways investments are managed in compliance with relevant client agreements to build trust that their investments and requirements are safeguarded. GS 007 reporting covers the following investment management services. 
  1. Custody
  2. Asset Management
  3. Property Management
  4. Superannuation Member Administration
  5. Administration
  6. Investment Administration
  7. Registry
  8. Information Technology

Which areas of GS 007 does AssuranceLab cover?

At this stage, AssuranceLab supports GS 007 Sections A: Custody, B: Asset Management, E: Investment Administration, F: Registry and G: Information Technology. We conduct the initial readiness assessment to map your systems, processes and controls to the objectives and identify any gaps for consideration to prepare for the audits.

At the moment we do not cover sections C: Property Management and D: Superannuation Member Administration. 

Do I have to meet all investment management services to meet the GS 007 reporting requirements?

No, only those investment management services that meet your business requirements are in scope for the audit.

Type 1 and Type 2 reports: what's the difference? 

A Type 1 report attests to your compliance by design. It’s a snapshot in time that can be achieved by showing you have the right systems and processes in place to satisfy the GS 007 regulatory clauses.

A Type 2 report attests to your compliance by both design and operation over a set period of time, usually between 3-12 months, to show your systems and processes have been operating consistently to satisfy the GS 007 regulatory clauses.

Usually, a Type 1 report is issued first to baseline compliance. That marks the start of the live and recurring Type 2 audit periods for reports issued annually.

Can you fail a GS 007 audit?

Not as such. GS 007 reports are not pass/fail. The report can be issued with any number of exceptions and qualifications. Most companies choose to delay their issuance of a GS 007 report until it is “clean”. If you are in an annual reporting cycle with customer commitments, you may not have that flexibility, so the report may be issued with disclaimers about any identified exceptions and qualifications.

Does GS 007 overlap with commonly required security compliance?

Yes, there is a degree of overlap. All GS 007 reports need to cover the security and operational management of the underlying systems used. That is very similar to the focus of a SOC 1 or SOC 2 report that is commonly required for security compliance by large enterprise customers. These also overlap with ISO 27001 certification, however, the SOC reporting approach varies in the way it looks at the systems, processes and controls in comparison to the ISO standards looking at the management system with a more prescribed view of the controls.

Can we use compliance automation platforms for GS 007?

Unlike other standards, there are no prescribed audit days, so using automation can help auditors achieve the required level of comfort for their controls. But that relies on an audit firm that’s familiar with the specific platform you’re using. It also only works if the controls and scope of the audit are adaptable to the platform. If you look to have customised controls or diverge from the way the platform works, it can cause additional work. We integrate with many compliance automation platforms to ensure a streamlined approach to your audit.


Earn trust with other leading standards


Blended Audits

Combine two or more compliance frameworks into a single blended audit process without duplication to scale trust, not costs and effort.



The de facto global and best practice standard for proving secure handling of electronic protected health information (ePHI).


Custom Frameworks

Manage any compliance obligations from customers, regulators or your own internal risk requirements with custom frameworks.


ISO 27001

An international framework to apply a structured and best practice methodology for managing information security.



A comprehensive, best practice standard for cloud security to achieve Level Two accreditation in the security, trust and risk (STAR) register.


Consumer Data Right

Access consumer data in Australia’s economy-wide open data regime with Consumer Data Right accreditation.


ESG Reporting

A flexible and lightweight framework to report up to 500+ positive impact activities supporting environmental, social and governance (ESG) objectives.



The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.



Trust services criteria to satisfy a broad customer base globally for security, availability, confidentiality, privacy and processing integrity.

Get started your way

We’re ready when you are



The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.