New Zealand

Security Advisory Services 

KPMG’s Security Advisory team identify and assess the real business and technical threats faced by organisations, not simply risks based on “best practice”.  KPMG offers a wide range of IT security assurance and advisory services, based on the extensive experience of our professionals and generally recognised global methodologies in this field. 


Our specialists provide independent, jargon-free advice and advanced technology capabilities to help you proactively and reactively manage your technology risks. 

Contact us

Philip Whitmore - IT security

Philip Whitmore

Partner - Security Advisory Services

+64 9 367 5931

      Our services:

      Security testing

      Penetration testing, vulnerability testing, controls assessments, ERP security assessments and code reviews

      PCI DSS compliance

      Scoping, strategy development, readiness assessment, vulnerability assessment, penetration testing, project management and compliance validation.

      Business continuity and disaster recovery

      Disaster recovery planning, business continuity assessments and ISO 22301 assessments.

      Incident management

      Incident investigation and response, computer forensics and electronic evidence recovery.

      Security governance and compliance

      Supplier risk reviews, security governance advisory, PCI DSS compliance services, privacy reviews, COBIT assessments, ISO 27000 series assessments and benchmarking across peer organisations.

      Security management

      Strategy development, security frameworks, policies and standards, awareness training and “Mobile CSO” - Chief Security Officer on demand.

      Security remediation and improvement programmes

      Planning, design and management

      Risk advisory

      Data loss assessment and risk assessments for new channels and technologies.



      • New products and services are launched and operated with confidence.
      • Confidence and assurance that information security risks are understood and managed.
      • Accelerated remediation activity to reduce risk.
      • Knowledge of industry leading practices to managing security.
      • Cost effective compliance with security and privacy legislation, regulations and industry requirements such as PCI DSS.
      • Reducing the risk of costly and damaging IT security breaches.
      • Reducing the risk of interruptions to your business operations through the implementation of appropriate IT disaster recovery and business continuity plans .
      • Having greater confidence in your investment in ERP systems through the implementation of better automated business process controls and IT security controls. 

The cloud takes shape

Cloud user
KPMG’s second global cloud survey looks at the opportunities and challenges of cloud adoption among organizations around the world.