At KPMG, our security framework is governed by the Global Information Security Policies and Standards established by the KPMG International. These requirements define the mandatory controls for protecting our infrastructure and the information assets managed by our organization.
KPMG International is certified to ISO 27001 and ISO 27017, and our local operations leverage cloud services provided by the KPMG International. These certifications validate that the management systems and cloud security controls integrated into our global service delivery meet recognized international standards.
To ensure ongoing adherence, compliance monitoring against these global policies and standards is conducted annually through our International Information Protection Audit Program. This rigorous evaluation ensures that security posture in KPMG remains robust.