Kaspersky receives ISO 27001 certification
Kaspersky has received ISO/IEC 27001:2013 certification, an internationally recognized standard for information security management systems, from TÜV AUSTRIA. This confirms that the company's data security systems, including the Kaspersky Security Network, comply with industry best practices.
"The ISO 27001 certification is a significant achievement for Kaspersky," commented Andrey Evdokimov, Chief Information Security Officer at Kaspersky. "It demonstrates to our customers and partners that we consider control of our security management to be an extremely high priority and recognizes our approach to information security as verifiable. The rigorous audit conducted for the certification confirms that we are committed to the highest levels of data security and represents another step in our commitment to underscore the transparency of our business."
ISO/IEC 27001 is the most widely used information security standard developed and published by the International Organization for Standardization (ISO), the world's largest developer of voluntary international standards. It contains requirements for the implementation, monitoring, maintenance and continuous improvement of Information Security Management Systems (ISMS) within organizations and their business requirements. Conformance to this internationally recognized standard forms Kaspersky's basis for implementing and managing information security, as it proves the completeness and accuracy of security controls and provides customers with an additional level of assurance.
The certification was validated following an assessment by the independent certification body of TÜV AUSTRIA. This covered management systems for identifying malicious and suspicious files using the Kaspersky Security Network (KSN) infrastructure, as well as secure storage and trusted access to files in the company's Distributed File System (KLDFS). This also includes the company's data centers in Zurich, Frankfurt, Toronto and Moscow.
TÜV AUSTRIA
"TÜV AUSTRIA aims to protect both society and companies from a wide range of risks of all kinds. As digitalization is the most important common trend in terms of technological developments worldwide, it offers significant opportunities on the one hand, but also poses great risks, as public or private information could be lost or damaged. We therefore greatly appreciate the fact that such a major global provider of IT security technologies as Kaspersky has committed itself to complying with the internationally recognized standard for the management of information security," explains Detlev Henze, Head of TÜV TRUST IT GmbH, a company of the TÜV AUSTRIA Group.
The certification is publicly available in the TÜV AUSTRIA certificate directory and on the Kaspersky website. The ISO 27001 audit is another step in the Global Transparency Initiative announced in 2017, which aims to provide partners and customers with comprehensive assurance that the company's products and services not only provide the best protection against cyber threats, but also handle customer data with maximum care. In 2019, the company successfully completed the SOC 2 Type 1 audit conducted by one of the four major global auditing firms. This confirmed that the development and playout of Kaspersky's AV databases are protected from unauthorized changes by strong security controls.
For more information on the latest developments within Kaspersky's Global Transparency Initiative, visit https://www.kaspersky.de/about/transparency