IISRI® Independent Information Security Rating Institute
IISRI® is a well-recognized partner in providing implementation, assurance and attestation services according to international standards since 2016. All attestations from IISRI® also come with an internal IISRI® rating that can be published.
The Independent Information Security Rating Institute IISRI® was founded in 2016 to provide a more accurate security and privacy assurance method to the public. Security and Privacy certifications, like ISO27001, PCI DSS or SOC2, are issued after passing a minimum threshold. This binary approach does not leave much room to understand how well organisations protect customer data. Security and Privacy ratings, however, allow customers to see to what extent an organisation has put controls.
IISRI® audits, rates and certifies the security and privacy of service providers. IISRI® is the world’s leading provider of public information security ratings on profit and non-profit organisations, including governments, and their services. Our global team comprises regional and sector experts from the industry and researchers from the university. Although IISRI® might cooperate with the assessed organisations during the assessments, IISRI® is completely independent in forming a final opinion.
Who we are
IISRI® has been providing Security and Privacy services since 2016 and is now the leading provider of Information Security and Privacy Ratings. Our global team comprises regional and sector experts from the industry and researchers from universities with qualified auditors for, among others, ISO27001, ISO27701, GDPR, PCI DSS, SOC 2 and NIST. Our headquarter is in New Zealand with branches in Netherlands, Poland and Indonesia.
We aim to provide all service providers with public Security and Privacy Ratings. This higher transparency will encourage certified service providers to safeguard valuable customer data constantly. Establishing trust within and beyond the organization.
Sector experts from the industry and researchers from universities with qualified auditors.
IISRI® can help with
Internal and External Audits, Ratings, Assurance Statements, Certifications, such as PCI DSS, AICPA's SOC2, ISAE 3402/SSAE 16, ISO27001, ISO27201, NIST, GDPR, NZISM.
The intent of an audit is to assess the effectiveness of processes and controls. IISRI® offers affordable audits across the globe and can audit remotely. The audit duration depends on the organizations' size and the scope of the audit. During the audit you have the opportunity to work with experienced auditors who understand the ins and outs of the business. An internal audit prepares for the external audit, reassuring all the requirements and controls are in place. IISRI® collects evidences in a secure way, as m independent third party auditor. Our auditors are trained and follow ISO19011. Book a free consultation to talk to one of our lead auditors.
IISRI® advises on compliance and implementation of different security standards and frameworks. All IISRI® consultants and contractors have sufficient qualifications and at least five years of verified experience with international organizations such as ISACA, ISC2, or PECB. Some of us hold European Union security clearances and are official PECB accreditation body auditors with computer science and law degrees. Besides that, we work with our partners to provide different types of formal certifications like ISO27001 (security), ISO27701 (privacy), ISO27018 (privacy for cloud providers), and PCI (credit card payments).
Ratings are a great tool for organizations that want to know how secure they are or who have to assess their suppliers to do due diligence during acquisition/merging. Many organizations found certifications like ISO27001, PCI DSS, and SOC2 insufficient and that these provide only binary information if the controls are effective. IISRI® strongly believes that this transparency about information security and privacy of organisations through public visibility of security and privacy ratings will encourage organisations and governments to constantly improve their security and privacy posture and safeguard valuable data.
IISRI® issues a Security Assurance Statement that attests to an organizations' Security Posture. This is usually against ISO27001 but can also be done against another security standard. This statement depicts, besides the overall security rating, the results of an organizations' internal assessment of the security domains. Many customers have used the IISRI® Assurance Statement as a stepping stone in their first years on their journey to a more invasive international certification, such as ISO27001, ISO27701, and SOC2 type 2. The IISRI® Assurance Statement is considered to be complementary to those international certifications.
Certifications provided by IISRI®
Audits, Consulting, Ratings, Assurance Statements, Security and Privacy Certifications in one place with IISRI®
IISRI® provides Security and Privacy Certifications and Ratings to service providers. Like Moody's credit ratings, security and privacy ratings make it easy for customers to decide which service providers to trust when consuming their services and thus sharing their data. For service providers, obtaining a security or privacy certification, like ISO27001, with a rating provides them with the ultimate opportunity to gain recognition from potential customers and grow their brand worldwide.
Strengthening your Security Posture