ISO 27001 certification and auditing
ISO 27001 certification is useful for organisations that need to manage and protect various types of data and for organisations whose operations are related to information security, such as financial sector, healthcare and information technology organisations, etc. In addition, it is necessary for organisations whose cooperation with public, private or third sector organisations depends on effective compliance with information security standards.
Organisations can get ISO 27001 certified. This demonstrates to customers and other parties that they take information security seriously and have implemented appropriate controls to protect information.
ISO 27001 certification and auditing
ISO 27001 certification is useful for organisations that need to manage and protect various types of data and whose operations are related to information security, such as financial sector, healthcare and information technology organisations, etc. In addition, it is necessary for organisations whose cooperation with public, private or third sector organisations depends on effective compliance with information security standards.
Organisations can get ISO 27001 certified. This demonstrates to customers and other parties that they take information security seriously and have implemented appropriate controls to protect information.
Planning
Preliminary activities for conducting an ISO certification audit.Pre-certification assessment
Pre-audit assessment of the current state of the information security management system.Certification audit
Conducting a certification audit and preparing an audit report that includes a description of deficiencies. After a successful audit, the ISO certificate is issued for three years.Follow-up audit
A follow-up audit is conducted every 12 months or in case of major changes to the ISMS.Advisory services
ISO 27001 consulting begins with a gap analysis of the organisation's information security. Regarding the deficiencies identified during the analysis, we provide recommendations for the implementation of measures that enable the organisation to effectively bring its information security process(es) into compliance with the standard. In cooperation with the client, we prepare a detailed action plan to achieve compliance; where appropriate, KPMG can provide assistance in implementing the action plan (please see KPMG IT risk assessment service).Pre-audit
The certification process begins with a pre-audit. The purpose of the pre-audit is to assess the ISMS implemented by the organisation and establish whether it is ready to successfully pass the certification audit. After the pre-audit, the organisation has six months to remove the identified deficiencies and non-conformities, and start the certification audit. If, after six months, the organisation is not ready for the certification audit, meaning the deficiencies identified during the pre-audit have not been removed, the pre-audit must be conducted again.Certification audit and surveillance audit
There is a three-year certification cycle. It comprises a certification audit and two surveillance audits, which must be carried out within two years from the certificate being issued. If the organisation wishes to maintain certification beyond the end of the third year, recertification must be performed. This requires a successful audit, and then a new three-year certification cycle begins.ISAE SOC2 and ISO 27001
ISO 27001 certification is also well aligned with ISAE certification (please see KPMG SOC2 (ISAE 3000) certification for more information). KPMG has a unique market position because we offer a service designed to provide assurances about the effectiveness of information security-related controls under ISAE 3000 (SOC2 report) and an information security management system certification service according to the ISO 27001 standard. Simultaneous certification to two standards saves time and money as well as helps achieve certifications and meet well-known information security standards in both the European and US markets.Turn threats into opportunities
Provide a safe and sustainable business environment for your company! We will help you build a resilient and reliable digital world, even in the face of changing threats.
KPMG Baltics OÜ
+372 626 8700itaudit@kpmg.ee
Ahtri 4, 10151 Tallinn, Estonia
Võta meiega ühendust
${i18n('ask_more')}
HR assessment
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
${i18n('ask_more')}
Threat assessment
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
${i18n('ask_more')}
Maturity assessment
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.