KPMG achieves ISO/IEC 27001 Certification from ISC

Sudarshan Mandyam,  manager ISMS of certification organisation ISC Worldwide, presented the certificate to Jaison George, CIO KPMG Lower Gulf (LG).

KPMG's Information Technology Services (LG) office provides IT enabled solutions, facilitates the deployment and support of global applications, manages an infrastructure backbone of national WAN on MPLS and a large data centre.

The data centre hosts business applications, practice management applications and services like messaging, the extranet client collaboration portal and IP telephony. 

The ITS LG firm comprises offices in the UAE and Oman, with professional staff strength of 850 spread over six offices.

KPMG believes that having a robust information security management system (ISMS) is key to ensuring that both the ITS team within and the customers outside of the firm imbibe a security conscious culture and appreciate the need for preparedness, alertness and timely response.

They also believe that Information security is not an IT issue, rather, that security is everybody's responsibility.

A formal ISMS, which provides guidance for the deployment of best practice, is increasingly seen, by KPMG, as a necessity in compliance terms. In addition, certification is increasingly required of organisations by clients and suppliers.

KPMG LG has a sizeable BPO practice. The team of sixteen provides payroll processing, financial accounting services, IFRS support, consolidation of financials and interim management services to an impressive list of over thirty-five clients. Clients trust KPMG with their confidential, and in some cases, personal identifiable data in the course of the services rendered.

While the firm previously demonstrated compliance to the rigorous KPMG global information security standards, clients would still require information detailing security processes, systems and awareness.  Analysis of client feedback showed that implementing industry best practices and standards in the information security area would be a distinct business advantage.

This was the business drive that initiated the journey to attain the ISO/IEC 27001:2005 standards and eventually, the certification.

The teams put in considerable time and effort in designing, deploying and maintaining security processes and procedures. The eight months leading up to the final certification audit were as equally rewarding as they were exhausting. The certification marks a milestone in KPMG's enterprise of adhering to global standards of service delivery and operations.

To KPMG's clients, this is yet another confirmation that KPMG is compliant with international standards for information systems security management which ensure best-practice, confidentiality, integrity and availability.

The ISMS audit was conducted by the International Standards Certifications (ISC) Australia.

ISC is a JAS-ANZ Australia accredited certification body with offices worldwide.