Build trust with GS 007 in 2024

Demonstrate your compliance with investment mandates and appropriate registry, administration and custody activities.


Is this the year you grow with SOC 2?

There’s no better standard to baseline your information security and earn trust with a broad customer base.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with SOC 2 in the US and globally.

We provide end-to-end readiness and audit services, with a cloud-native and agile approach that enables you to work at your own pace.


You’re in great company. We work with hundreds of fast-growing software companies across 13 countries, ranging in size from 2 to 26,000 employees.


You’re in great company. We work with hundreds of fast-growing software companies across 20+ countries, ranging in size from 2 to 26,000+ employees.


Is this the year you

grow with GS 007?

Asset management GS 007 reports demonstrate appropriate handling of client investments.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with your clients globally.

We provide end-to-end readiness and audit services, with an agile approach that enables you to work at your own pace.

Civic Ledger Logo_Navy_Official


Clear reasons to act



A globally recognised attestation
report to build trust at scale


Customer comfort
and trust

A detailed report addressing crucial
customer due diligence questions


Minimal business

Agile and flexible audits that help minimise the disruption while meeting client deadlines


Choice of

Optional control objectives to satisfy various technology and financial objectives.



A strong starting point in meeting
multiple related frameworks,
standards and certifications


Recognition of
partial progress

The ability to achieve a GS 007 report
with outstanding issues or process improvements


Four Steps to a GS 007

left arrow right arrow
GS 007 Readiness Assessment

GS 007 Readiness Assessment

We built Pillar so you can assess your compliance with 30+ global standards. It helps you get started with a tailored view of your controls and any gaps to prepare for our compliance audits for one or more frameworks. And, Pillar is always free.

Remediation Support

Remediation Support

We guide you as you address any gaps and implement fit-for-purpose processes that align with your culture and the GS 007 reporting objectives. Our flexible and responsive team helps you work through it at your own pace.

GS 007 Type 1 Audit

GS 007 Type 1 Report

We conduct the Type 1 audit at your pace to help you minimise disruption and learn through the process. Our iterative reviews and feedback helps you stay on track and achieve real operational benefits for your company.

GS 007 Type 2 Audit

GS 007 Type 2 Report

We conduct the Type 2 audits either at your pace within a defined timeline to suit your preference, or increasingly with our continuous audit practices that conduct the audits in the background throughout the year to minimise disruption and increased confidence in your compliance.

Get started your way.
We’re ready when you are!


Your questions answered

What is GS 007 Reporting?

The Guidance Statement 007 (GS 007) is an Australian reporting framework designed for financial services. It includes defined control objectives related to Investment Management, Fund Administration, Registry, and Custody, that you can optionally include in a report to build trust with your customers. These cover the ways investments are managed in compliance with relevant client agreements to build trust that their investments and requirements are safeguarded.

Which areas of GS 007 does AssuranceLab cover?

At this stage AssuranceLab's services and product, Pillar, support GS 007 Sections A: Custody, B: Asset Management, E: Investment Administration, and F: Registry. Pillar conducts the initial readiness assessment to map your systems, processes and controls to the objectives, and identifies any gaps for consideration to prepare for the audits.

What are Type 1 and Type 2 reports?

A Type 1 report attests to your compliance by design. It’s a snapshot in time that can be achieved by showing you have the right systems and processes in place to satisfy the GS 007 control objectives. 

A Type 2 report attests to your compliance by both design and operation over a period of time. It covers a period between 3-12 months to show your systems and processes have been operated consistently to satisfy the GS 007 control objectives. 

Usually, a Type 1 report is issued first to baseline compliance. That marks the start of the live and recurring Type 2 audit periods for reports issued annually. That is the industry standard but the SOC standards have flexibility to choose the report dates and periods as desired (usually driven by customers’ expectations that drives that industry
standard approach).

Can you fail GS 007?

Not as such. GS 007 reports are not pass/fail. The report can be issued with any number of exceptions and qualifications. Most companies choose to delay their issuance of a GS 007 report until it is “clean”. If you are in an annual reporting cycle with customer commitments, you may not have that flexibility, so the report may be issued with disclaimers about any identified exceptions and qualifications.

Does GS 007 overlap with commonly required security compliance?

Yes, there is a large degree of overlap. All GS 007 reports need to cover the security and operational management of the underlying systems used. That is very similar to the focus of a SOC 1 or SOC 2 report that are commonly required for security compliance by large enterprise customers. These also have a lot of overlap with ISO 27001 certification, however this SOC reporting approach varies in the way it looks at the systems, processes and controls in comparison to the ISO standards looking at the management system with a more prescribed view of the controls.

Can we reduce the audit work by using a compliance platform?

Yes, is the short answer. Unlike ISO 27001, there’s no prescribed audit days, so using automation can help auditors achieve the required level of comfort in your controls in less time. But that relies on an audit firm that’s familiar with the specific platform you’re using and that has an audit approach built for it. It also only works if the controls and scope of the audit are limited to the way the platform works. If you look to have customised controls or diverge from the way the platform works, it can cause additional work for the audit.


Earn trust with other leading standards


Blended Audits

Combine two or more compliance frameworks into a single blended audit process without duplication to scale trust, not costs and effort.



The de facto global and best practice standard for proving secure handling of electronic protected health information (ePHI).


Custom Frameworks

Manage any compliance obligations from customers, regulators or your own internal risk requirements with custom frameworks.


ISO 27001

An international framework to apply a structured and best practice methodology for managing information security.



A comprehensive, best practice standard for cloud security to achieve Level Two accreditation in the security, trust and risk (STAR) register.


Consumer Data Right

Access consumer data in Australia’s economy-wide open data regime with Consumer Data Right accreditation.


ESG Reporting

A flexible and lightweight framework to report up to 500+ positive impact activities supporting environmental, social and governance (ESG) objectives.



The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.



Trust services criteria to satisfy a broad customer base globally for security, availability, confidentiality, privacy and processing integrity.



The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.


Get started your way

We’re ready when you are

Can’t wait?

Our free products help you get started without any fuss:


The always-free GRC platform that powers trust for hundreds of technology companies.

policytree-tab-button-normal (1)

Our 40-minute policy generator; a better alternative to cookie-cutter templates.