MILAN – Kaspersky, a world leader in the IT security sector, has obtained ISO / IEC 27001: 2013 certification, the international standard that defines best practices for information security management systems. Released by TÜV AUSTRIA, the certification confirms that the company's data security systems, including Kaspersky Security Network, meet industry best practices.
What is ISO / IEC 27001?
ISO / IEC 27001 is the most used information security standard, created and published by the International Organization for Standardization (ISO), the largest body in the world that develops international standards. ISO includes requirements on how to implement, monitor, maintain and continuously improve an information security management system (ISMS) in the context of the organization and its business needs. Compliance with this internationally recognized standard is the basis of Kaspersky's approach to the implementation and management of information security, as it demonstrates the completeness and rigor of security controls, while providing customers with an additional level. warranty.
The certification was validated following an assessment carried out by the independent certification body TÜV AUSTRIA and concerned the management systems for the distribution of malicious and suspicious files using the Kaspersky Security Network (KSN) infrastructure, as well as secure and access to these files in the company's Distributed File System (KLDFS). These include the company's data centers in Zurich in Switzerland; in Frankfurt in Germany; in Toronto in Canada and in Moscow in Russia.
«Having received the ISO 27001 certification represents a significant result for Kaspersky. Certification allows us to demonstrate to customers and partners that security management controls are a priority for us and is also indicative of our “verifiable” approach to information security. The rigorous audit undertaken for certification confirms our commitment to achieve the highest levels of data security and marks a further step forward in our attempt to demonstrate the transparency of the company “, said Andrey Evdokimov, Kaspersky's Chief Information Security Officer.
«TÜV AUSTRIA aims to protect the community and businesses from various risks. Digitization is one of the main development trends worldwide and allows you to create significant opportunities but also great risks as public and / or private information could be lost or compromised. Precisely for this reason we greatly appreciate the fact that an important global market player such as Kaspersky demonstrates its commitment to follow the internationally recognized standard for information security management “, commented Detlev Henze, Head of TÜV AUSTRIA group TÜV TRUST IT GmbH.
«Modern information technologies have made our world more global. People, businesses and states are, in fact, closely interconnected. As soon as one of these elements is threatened all the others risk being hit. We can no longer limit ourselves to assessing risk from a purely national point of view as our business and private life constantly crosses international borders and networks. The real protection, therefore, is that in which processes on a global scale, international infrastructures and shared resources are used in critical moments as the only element. For this reason, we congratulate Kaspersky's approach to building his information security system and requesting certification with such a large network of branches in various countries, to demonstrate his global power and commitment to business continuity “, added Dmitry Yartsev, Director General of TÜV AUSTRIA office in Moscow.
The certification is available in the TUV Austria Certificate Directory and on the Kaspersky website. The ISO 27001 audit is a further step towards Global Transparency Initiative, announced in 2017, to guarantee its partners and customers not only the best products and services for the protection against cyber threats, but also the highest level of respect and attention in processing their data. In 2019 the company also passed SOC 2 Type 1 audit released by one of the Big Four, which confirms that the development and release of Kaspersky's AV databases are protected from unauthorized changes through strict security checks.