Information Security Management System

KPMG is committed to providing a secure and safe environment for all personal data and confidential information we hold. We seek external assurance to ensure we maintain a high standard of information security at all times.

What is information security?

Information security is all about protecting information in all its forms, whether physical or electronic, in the cloud or at our offices. An information security management system is designed to prevent unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

How does KPMG safeguard confidential information?

KPMG’s information security requirements are set out in the Global Information Security Policies and Standards published by KPMG International. Compliance monitoring against these standards and policies is carried out through our international information protection audit program and is supplemented by annual checks by the Global Information Protection Group.

Certified security

KPMG in Thailand is certified to ISO 27001, the international standard for information security management. KPMG International is certified to ISO 27001 and ISO27017, the internationally recognized standard for information security and cloud controls respectively. Obtaining and maintaining both ISO certification is part of our commitment to information protection. We are independently audited against the standard every year by an accredited external third party.