Strategy and governance

Cyber security framework/compliance assessment

  • This service offering focusses on our clients’ ability to comply with industry standard frameworks such as NIST CSF (cybersecurity framework), COBIT, ISO and other relevant information security regulatory frameworks
  • By assessing current-state security control processes, we assist clients in identifying needs, strengths and weaknesses in the current environment as compared to peers and determining future business processes and technology that will be needed in order to enhance the cybersecurity function over time.

Cyber Maturity Assessment (CMA)

  • KPMG in India’s CMA is a unique offering that incorporates our insight into leading cyber practices from the public and private sectors
  • The assessment is targeted at boards and executives to assist with appropriate board-level reporting and communications
  • The CMA framework is based on a combination of internationally accepted standards (such as NIST CSF, ISO and COBIT) and can be tailored to the specific requirements of our clients, yet is comprehensive in its ability to address six key dimensions that together provide an in-depth view of an organisation’s cyber maturity.

Cyber strategy and target operating model

  • KPMG in India’s cyber strategy and target operating model service provides clients with an efficient method to establish a security strategy, quantify risks, evaluate true cost and determine effectiveness of their current security programme
  • Driven by an assessment of core capabilities across people, process and technology, clients will gain an understanding of their current security capability maturity, which will then drive the creation of a tailored target operating model.

Cyber key performance indicator, metrics and dashboarding

The firm’s CISO metrics and reporting service helps security organisations establish a consistent, repeatable and mature process for reporting cybersecurity performance at all levels: to the board, executive management and information security leadership.

Information and data governance

KPMG in India’s approach to information governance begins with an intimate understanding of industry issues and business processes. We use a DC2 (Define, Clean, Discover, Change) approach to assess and improve information governance capabilities. Privacy regulations and compliance requirements have exploded in the past 12 months.

Data privacy and protection

Our clients are struggling with designing, building and sustaining privacy programmes that meet employee, customer and regulatory expectations. Similar to privacy concerns, corporate retention and disposition obligations are fast evolving and changing. Organisations must develop policies and implement technology enablers to facilitate the effective lifecycle management of records and data.

Third-party security risk management

  • The third-party security risk management service assists our clients with the design and execution of a third-party security assessment programme 
  • This service will provide clients with a risk triage model, representative assessment questionnaires, and a centralised coordination and reporting office to assist our clients in conducting assessments of their vendors, suppliers and other third-party business partners across the globe.

Business resilience

  • KPMG in India’s business resilience service assists clients with the development and deployment of a Business Continuity Management (BCM) programme, including emergency response, crisis management, business continuity and technology recovery
  • Key steps include understanding recovery priorities and requirements through business-impact analysis, developing continuity strategies and plans and performing regular exercising, testing and maintenance of strategies and plans.
