KPMG UK

Key Contact
Malcolm Marshall
Tel: 020 7311 5456

Certification and Assurance Services

 

Supply chains and corporate sourcing are undergoing immense transformation: few organisations retain day-to-day control of all of their business; key parts of IT and operations, even frontline customer service, are being outsourced to external suppliers. Even when they are retained in-house, they are increasingly off-shored to shared service centres.

If you are the buyer of services:

  • How do you know that your suppliers are adhering to their obligations on the protection of information and the resilience of their service?
  • How do you know that they have processes in place to maintain a secure and resilient service?

If you are a service provider:

  • How do you demonstrate to your customers and regulators that you are meeting your obligations?
  • How do you enable customers and regulators to obtain assurance without surrendering your business to a state of perpetual auditing, with multiple auditors placing conflicting demands on scarce management time?
  • How do you demonstrate to customers that you really are as good as you say you are?

KPMG helps you to build and implement effective risk management systems that enable you to adopt a single, comprehensive view of information and IT risk, including security, privacy and resilience.

We are the only large advisory firm that can provide a set of assurance and certification services that satisfy a broad range of customers and stakeholders – for example, we can conduct a SAS 70 report simultaneously with ISO 27001 and ISO 20000 certifications.

With over 120 years' experience in providing assurance to investors, customers and other stakeholders, we provide a higher level of assurance than many niche providers in the certification and assurance marketplace.

Our capability was recognised recently when Government Communications Headquarters (GCHQ) selected us as the only large organisation to conduct tailored assurance services for the UK government.

Our range of services includes:

  • Designing and helping to implement integrated risk management systems – The key to a sustainable approach to managing security, privacy and resilience is the adoption of a consistent integrated risk management system that is aligned to corporate-wide strategies and risk management processes.  We help you to design management systems that are pragmatic and integrated with your overall risk management frameworks.
  • Certification advisory services – whether it's PCI, ISO 27001 or another standard, we take a structured approach that enables you to achieve compliance in an efficient and cost-effective way. This includes training, benchmarking, scoping studies, gap analysis and pre-certification advisory, remediation, selection of a certifier and coaching during the certification process.
  • Certification assurance services – KPMG Audit Plc is accredited by the United Kingdom Accreditation Service (UKAS) and itSMF to provide formal certification against ISO 27001 (information security management) and ISO 20000 (IT service management) respectively. Our current certification clients are listed on the ISO 27001 and ISO 20000 certificate registers. We will soon be accredited by UKAS to provide certification against ISO 9001 (quality management) and will provide certification against BS 25999 (business continuity management) once the accreditation programme for this is launched.
  • SAS 70 – KPMG can perform a Statement of Auditing Standards (SAS) No. 70 audit of a service organisation. The output of the audit is a Service Auditor’s Report that provides information about the service organisation’s controls that may be part of a user organisation’s information system as it relates to the users’ financial statements. The SAS 70 examination was designed by the American Institute of Certified Public Accountants (AICPA) to enable service organisations to obtain a single report to accommodate all or most of their user organisations’ audit requirements.
  • PKI services – we provide formal assessment services against a number of PKI schemes, including tScheme and WebTrust for Certification Authorities. We are authorised to issue formal WebTrust seals.
  • Supply chain security audits – we conduct bespoke supply chain security programmes for a wide range of industries including aerospace, automotive, banking and payment processing.
  • Training – we offer a full International Register of Certificated Auditors (IRCA) accredited “ISO 27001 Information Security Management System (ISMS) Lead Auditor” course (reference number A17219) that can result in a formal qualification. These are run in-house for clients and places are also offered on KPMG’s own courses, which are run twice per year. We also design and deliver bespoke in-house training tailored to clients’ needs.

Management of impartiality
KPMG Audit Plc understands the importance of impartiality in carrying out its management system certification activities, manages conflicts of interest and ensures the objectivity of its management system certification activities.

 

 

 


© 2008 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.