IT Security

BDO New Zealand is continuously monitoring its overall security posture to ensure the integrity of our technology systems and information. Below you will find an overview of our current related certification and policies we follow to maintain best practice standards.

Standards & certification

BDO New Zealand's technology security complies with the following key standards:

We are ISO27001:2022 certified. Download a copy of our certificate here: BDO NZ ISO27001:2022
BDO Global Compliance and Risk Management Standard (this is the BDO Global Standard for Information Security, Audit Quality, PII and Privacy that all BDO firms must comply with).

Policies

We have adopted comprehensive technology security policies for each of the following areas:

ISMS Scope and Context
Information Security Policy
Responsible Disclosure Policy
Data Retention Policy
Data Protection Policy
Information Security management System Plan
Encryption Policy
Vulnerability Management Policy
Disaster Recovery Policy

To request a copy of one or more of our policies, please email your request to security@bdo.co.nz.

Continuous technology systems monitoring

BDO New Zealand has continuous monitoring in place for critical tests and services.

App security	Data security	Infrastructure security
✔ Annual Penetration Test ✔ Quarterly Vulnerability Scan	✔ Encryption at Rest ✔ Encryption in Transit	✔ Cloud Infrastructure ✔ Restricted Public Access
Network security	Organisation security	Product security
✔ Denial of Public SSH ✔ Network Security Controls	✔ Code of Conduct ✔ Quarterly Cyber Security Training	✔ MFA on Accounts ✔ Server Monitoring & Alerting

Communication with BDO in the event of a data breach

If you, as a vendor providing software or a service to BDO New Zealand, are subject to a data breach, please inform BDO New Zealand within 24 hours by email to security@bdo.co.nz, outlining the details of the incident and key contact information.

Need help?

For more information contact security@bdo.co.nz