The challenge

• Information security is front page news across the globe, with a constant flow of new breaches, hacks and incidents undermining public confidence in the ability of organizations to keep their data safe.
• Industry regulators are focusing their energies on ensuring that organizations take the emerging threats seriously and that information security is scrutinized at the highest level in the organization.
• Your clients are becoming increasingly sensitive to the measures taken to ensure availability of their systems and protect their confidential and personal data, especially with the EU General Data Protection Regulation (GDPR) coming into force as from 25 May 2018.
• Deficiencies in the security offered by you may result in the release of client information and lead to reputational damage both to you and your clients.
• Real or perceived security breaches may cause your clients to believe that your organization is unable to conduct business securely and responsibly.
• You must demonstrate your capability to meet your client’s compliance needs and strengthen their confidence in your ability.
  
  

How KPMG can help

• An ISO 27001 certification is proof of your capability to maintaining an effective Information Security Management System to a broad public, including Industry Regulators and your current and future clients
• A SOC2 report based on ISO 27001 has the same look and feel as a SOC1/ISAE3402 report and provides your clients with sufficient information (independent service auditor’s opinion, management assertion, system description, tests performed by service auditor and tests results) to meet their assurance needs
• The integration of the ISO 27001 certification with SOC2 reporting, Cybersecurity and GDPR Attestation allows us to perform the audit in a more efficient manner (“multi-purpose testing”) and enables us to pass on these cost savings and reduction in number of audit days to you; in addition this will significantly reduce the burden on your internal resources.
• An ISO 27001 certificate can be the basis for enabling you to obtain a GDPR Certificate (based on ISO 27701) in a very efficient manner.
• KPMG offers the ISO 27001 certification services through KPMG Certification CVBA and the SOC2 reporting, Cybersecurity and GDPR Attestation services through KPMG Advisory CVBA.