Kaspersky has recently reinforced its security credentials by re-certifying its information security management system (ISMS) against ISO/IEC 27001:2022, an international standard which outlines the best practices for establishing, implementing and continuously improving these systems.
First published in 2005 by the International Organization for Standardization (ISO), the world’s largest developer of international standards, and the International Electrotechnical Commission (IEC), ISO/IEC 27001 has remained the most widely used information security standard for two decades. The standard provides a systematic and structured approach to managing and protecting sensitive information within an organization, as well as a framework to identify and assess information security risks, to implement controls to address those risks and to monitor and review the effectiveness of the controls used.
Kaspersky attained the certification as a result of an assessment carried out by an independent certification body. It covered the management systems involved in the delivery of malicious and suspicious files using the Kaspersky Security Network (KSN) infrastructure, including safe storage and access to these files in the company’s Distributed File System (KLDFS) and KSN systems for processing statistics (called KSNBuffer database). The certification is valid for the company’s data centers in Zurich, Switzerland; Frankfurt, Germany; Toronto, Canada; and Moscow, Russia.
To conduct the certification, auditors reviewed documentation, interviewed employees from various departments, and also analyzed the technical and organizational aspects of data protection. Following the assessment, the auditors compiled a report summarizing the key conclusions, which was then examined by independent experts to confirm the impartiality of the auditors. The certificate can be provided upon request.
“As a cybersecurity vendor, Kaspersky cannot underestimate the need to undertake ongoing assessment of the information security risks and its implementation of mature risk management processes. Regular independent audits of the company’s processes form one of the key areas of the company’s Global Transparency Initiative. By re-certifying for ISO/IEC 27001:2022 we bring one more layer of confidence for our customers and partners and prove our commitment to manage data securely and safely,” commented Yuliya Shlychkova, Vice President, Government Affairs and Public Policy at Kaspersky.
Just recently, Kaspersky renewed its Service Organization Control for Service Organizations (SOC 2) Type II audit, confirming that the process of antivirus database development and release is protected against tampering. Recurrent third-party evaluations of Kaspersky’s internal processes are one of many trust-building measures introduced as part of Kaspersky’s Global Transparency Initiative (GTI) — a framework offering hands-on instruments for evaluating the integrity and trustworthiness of the company’s solutions and practices. Learn more about the GTI on the website.