Information Security Management System

KPMG's Information Security Management System ISO27001 certification has successfully been renewed.

In our line of business, information is a core asset that must be protected. Our clients’ trust in KPMG depends significantly on their confidence in the way we handle their data. Our people, suppliers and other third parties also need to know that their personal data is safe with us.

That’s why information security is a leadership topic at KPMG. We’re committed to providing a secure and safe environment for all personal data and confidential information we hold. We voluntarily seek external assurance to ensure we maintain a high standard of information security at all times.

What is information security?

Information security is all about protecting information in all its forms, whether physical or electronic, in the cloud or at our offices. An information security management system is designed to prevent unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

How does KPMG safeguard confidential information?

KPMG’s information security requirements are set out in the Global Information Security Policies and Standards published by KPMG International. Compliance monitoring against these standards and policies is carried out through our international information protection audit program and is supplemented by annual checks by the Global Information Protection Group.

KPMG’s integrated approach to information security is based on four core principles:

Prevent: We take measures to defend against commodity/common attacks against key information that KPMG develops or maintains in our role as trusted data broker for our clients.

Detect: We monitor our systems to identify more sophisticated attacks or security gaps that can develop over time due to normal operations, and address the needs of changing and emerging technology.

Respond: Our response plans enable us to deal with incidents quickly and effectively and align our approaches to changing threats.

Predict: We strive to improve our skills and processes continuously, supported by the right organization, delivery and technology, to maintain our acceptable level of operating risk.

Certified security

KPMG AG is certified to ISO 27001, the international standard for information security management. The scope of our certification includes our IT processes, IT business assets, client data in core systems, offices and physical locations.

Obtaining and maintaining ISO 27001 is part of our commitment to information protection. We are independently audited against the standard every year by an accredited external third party.

ISO27001 certificate (PDF)
