Documente Academic
Documente Profesional
Documente Cultură
Are your business data safe? Do you trust your information security measures?
Can you prove to external parties that you take care on their data?
The protection of business data is one of the most Complying with different regulations and maintaining
important success factors in today's world. All companies reputational integrity is a complex task that can most
are potential victims of cyber attacks: increasingly, we hear effectively be achieved by means of an Information Security
that companies became victims of hackers and suffered Management System. The ISO/IEC 27001 standard is an
massive reputational damage. As a result, many customers international comprehensive framework for developing,
decide not to use some services because they do not trust implementing and maintaining an independently auditable
the company. In addition, the new EU General Data Information Security Management System (ISMS) aligned
Protection Regulation (GDPR) implies administrative fines with the business strategy and the company’s context.
for data security breaches (also in Switzerland).
Plan Compliance
Information
Security
Policy
Do
Business
Organization
Continuity
of Information
Management
Security
Information
Security
Information Asset
Incident
Management
Security Management
Information
Management
Systems Acquisi-
tions, Develop-
System (ISMS) Human
Resources
ment and Security
Maintenance
Certification Audit
Audit Report and ISO/IEC 27001
Identify Risks / Gaps (Pre-Audit) Stage I: Documentation Audit
certificate issuance
Stage II: Implementation Audit
• Health Check Gap Analysis • Conduct on-site audits and planning • Discuss the draft report with the client
• Risk Assessment • Involve subject matter specialists • Finalize the reporting using client input
• Review of Policies and Guidelines • Documentation audit • Release the final report
• Review of pre-selected control objectives • Take and assess samples in the IT • Plan countermeasure for non- conformities,
based on ISO/IEC 27001 environment observations, and recommendations
• Perform walkthrough audits and site • Issue the ISO/IEC 27001 certificate if the
inspections organization is mature enough
• Conduct technical console testing • Plan the surveillance audit
• Create a draft audit report
Contact
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no
guarantee that such information is accurate as of the date it is received, or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough
examination of the particular situation. The scope of any potential collaboration with audit clients is defined by regulatory requirements governing auditor independence.
© 2018 KPMG AG is a subsidiary of KPMG Holding AG, which is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity.
All rights reserved.