IISRI® Independent Information Security Rating Institute

IISRI® is a well-recognized partner in providing implementation, assurance and attestation services according to international standards since 2016. All attestations from IISRI® also come with an internal IISRI® rating that can be published.


The Independent Information Security Rating Institute IISRI® was founded in 2016 to provide a more accurate security and privacy assurance method to the public. Security and Privacy certifications, like ISO27001, PCI DSS or SOC2, are issued after passing a minimum threshold. This binary approach does not leave much room to understand how well organisations protect customer data. Security and Privacy ratings, however, allow customers to see to what extent an organisation has put controls.


IISRI® audits, rates and certifies the security and privacy of service providers. IISRI® is the world’s leading provider of public information security ratings on profit and non-profit organisations, including governments, and their services. Our global team comprises regional and sector experts from the industry and researchers from the university. Although IISRI® might cooperate with the assessed organisations during the assessments, IISRI® is completely independent in forming a final opinion.

Who we are

IISRI® has been providing Security and Privacy services since 2016 and is now the leading provider of Information Security and Privacy Ratings. Our global team comprises regional and sector experts from the industry and researchers from universities with qualified auditors for, among others, ISO27001, ISO27701, GDPR, PCI DSS, SOC 2 and NIST. Our headquarter is in New Zealand with branches in Netherlands, Poland and Indonesia.

Our Goal

We aim to provide all service providers with public Security and Privacy Ratings. This higher transparency will encourage certified service providers to safeguard valuable customer data constantly. Establishing trust within and beyond the organization.

Our Team

Sector experts from the industry and researchers from universities with qualified auditors.

IISRI® can help with

Internal and External Audits, Ratings, Assurance Statements, Certifications, such as PCI DSS, AICPA's SOC2, ISAE 3402/SSAE 16, ISO27001, ISO27201, NIST, GDPR, NZISM.

IISRI® Services


The intent of an audit is to assess the effectiveness of processes and controls. IISRI® offers affordable audits across the globe and can audit remotely. The audit duration depends on the organizations' size and the scope of the audit. During the audit you have the opportunity to work with experienced auditors who understand the ins and outs of the business. An internal audit prepares for the external audit, reassuring all the requirements and controls are in place. IISRI® collects evidences in a secure way, as m independent third party auditor. Our auditors are trained and follow ISO19011. Book a free consultation to talk to one of our lead auditors.


IISRI® advises on compliance and implementation of different security standards and frameworks. All IISRI® consultants and contractors have sufficient qualifications and at least five years of verified experience with international organizations such as ISACA, ISC2, or PECB. Some of us hold European Union security clearances and are official PECB accreditation body auditors with computer science and law degrees. Besides that, we work with our partners to provide different types of formal certifications like ISO27001 (security), ISO27701 (privacy), ISO27018 (privacy for cloud providers), and PCI (credit card payments).


Ratings are a great tool for organizations that want to know how secure they are or who have to assess their suppliers to do due diligence during acquisition/merging. Many organizations found certifications like ISO27001, PCI DSS, and SOC2 insufficient and that these provide only binary information if the controls are effective. IISRI® strongly believes that this transparency about information security and privacy of organisations through public visibility of security and privacy ratings will encourage organisations and governments to constantly improve their security and privacy posture and safeguard valuable data.

Assurance Statements

IISRI® issues a Security Assurance Statement that attests to an organizations' Security Posture. This is usually against ISO27001 but can also be done against another security standard. This statement depicts, besides the overall security rating, the results of an organizations' internal assessment of the security domains. Many customers have used the IISRI® Assurance Statement as a stepping stone in their first years on their journey to a more invasive international certification, such as ISO27001, ISO27701, and SOC2 type 2. The IISRI® Assurance Statement is considered to be complementary to those international certifications.


Attention Financial Institutions and Service Providers! DORA Compliance Deadline Financial institutions and service providers in the EU, take note! The DORA compliance deadline is approaching on January 17, 2025. This new regulation aims to strengthen the sector's cybersecurity posture. Get ready to implement technical standards, potentially establish an EU subsidiary, and prepare for inspections to ensure you can: -Mitigate cyber risks -Protect client data -Avoid disruptions Don't wait – act now to ensure a smooth transition and stay ahead of the curve.

Suppliers Third Party Risk Management

Overwhelmed by managing international third-party standards? Get a grip on risk with IISRI®. We offer a tailored solution that empowers you to: Control risks from vendors. Make informed decisions with insightful data. Our flexible approach includes: Automated assessments for low-risk vendors. Deep-dive audits for critical suppliers. Clear security & privacy ratings. Don't settle for generic solutions. Get a program that fits your organization and helps you: Reduce breaches & penalties. Protect data & reputation. Improve decisions & compliance.

European NIS 2 Directive

The NIS 2 Directive is now in effect, and even companies outside the EU could face strict new cybersecurity regulations if they serve critical sectors within the EU. This includes high-risk sectors like banking and healthcare, as well as important sectors like food and digital services. If you provide IT services to organizations in these sectors, you'll need to assess NIS 2 compliance requirements, potentially appoint an EU representative, and proactively adapt your operations. Don't risk legal implications and disruptions – ensure compliance to maintain business continuity and protect your organization.

AI ISO/IEC 42001 Certification

As AI solutions become more prevalent, organizations are increasingly concerned about their responsible implementation. Our ISO/IEC 42001 certification service helps you assess and mitigate AI-related risks, including data security and privacy concerns. Through a comprehensive 4-day assessment, we provide a detailed report, identify potential risks, and offer an assurance statement demonstrating your commitment to responsible AI practices. This can help you gain a competitive edge, build trust with stakeholders, and future-proof your organization's AI journey.

Certifications provided by IISRI®

Audits, Consulting, Ratings, Assurance Statements, Security and Privacy Certifications in one place with IISRI®

IISRI® provides Security and Privacy Certifications and Ratings to service providers. Like Moody's credit ratings, security and privacy ratings make it easy for customers to decide which service providers to trust when consuming their services and thus sharing their data. For service providers, obtaining a security or privacy certification, like ISO27001, with a rating provides them with the ultimate opportunity to gain recognition from potential customers and grow their brand worldwide.

SaaS Solution

Imagine keeping track of who has access to what in your company, across tons of apps - a real headache! Truexess is an all-in-one solution that solves this problem. Seamless extension to Okta and OneLogin for access management reviews. Automating tedious tasks.

Strengthening your Security Posture

Trusted by

Contact Us

Feel free to ask for details, don't save any questions!

Get in Touch

Contact us at IISRI® for a free initial consultation or other security or privacy related inquiries.

Our Office

  • Address: 11-19 Customs Street West, Level 16-18 Commercial Bay, Auckland 1010, New Zealand
  • Email: contact@iisri.com

Business Hours

  • Monday - Friday - 9am to 5pm NZT
  • Monday - Friday - 12pm to 5pm CST/CDT
  • Monday - Friday - 6am to 10am CET