Information security is front page news across the globe, with a constant flow of new breaches, hacks and incidents undermining public confidence in the ability of organizations to keep their data safe. While industry regulators are focusing their energies on ensuring that organizations take the emerging threats seriously and that information security is scrutinized at the highest level in the organization, it is up to you to demonstrate your capability to meet your client’s compliance needs and strengthen their confidence in your ability.
As clients are increasingly sensitive to the measures taken to ensure the availability of their systems and the protection of their confidential and personal data, real or perceived security breaches may lead them to believe that your organization is unable to conduct business securely and responsibly. Deficiencies in the security you offer may result in the release of client information and can lead to reputational damage both to you and to your clients.
How an ISO 27001 certificate can benefit your organization
- An ISO 27001 certification is proof of your capability of maintaining an effective Information Security Management System to a broad public, including industry regulators and your (potential) clients.
- A SOC2 report based on ISO 27001 has the same look and feel as a SOC1/ISAE3402 report and provides your clients with sufficient information (independent service auditor’s opinion, management assertion, system description, tests performed by the service auditor and test results) to meet their assurance needs.
- The integration of the ISO 27001 certification with SOC2 reporting, cyber security and GDPR Attestation allows us to perform the audit in a more efficient manner (“multi-purpose testing”), enables us to pass on these cost savings and reduction in number of audit days to you and reduces the burden on your internal resources.
- An ISO 27001 certificate can be the basis for enabling you to obtain a GDPR Certificate (based on ISO 27701) in a very efficient manner.
- A cyber security attestation report using ISO 27001 as control criteria provides information about your cyber security risk management program.
- A GDPR attestation report using ISO 27001 to respond to the GDPR security requirements provides information about how you manage your compliance with the new regulation.
- KPMG offers the ISO 27001 certification services through KPMG Certification BV and the SOC2 reporting, Cybersecurity and GDPR Attestation services through KPMG Advisory BV.
How we can help
KPMG Certification has a team of trained ISO 27001 lead auditors with extensive experience of performing certifications across all industry sectors. In addition, KPMG Certification has access to a broad range of lead auditors in the KPMG certification bodies in the UK, Germany, Switzerland, Finland and Canada.
KPMG is a global leader in delivering Service Organization Control (SOC) reporting, cybersecurity and GDPR attestation services. The IT Attestation practice consists of a globally accredited network of partners and professional staff who provide a range of IT attestation services to help organizations satisfy their third-party assurance requirements.
We have established a global accreditation process to help ensure consistency and quality in the delivery of attestation and assurance services, including SOC1 and SOC2 examinations as well as cyber security and GDPR examinations and Agreed Upon Procedures. We have over 1,000 professionals fully trained in the SOC, cyber security and GDPR examination process through our global IT Attestation Instructor network.