McConnell Jones takes threats to the availability, integrity, and confidentiality of our client’s information seriously. As such we have implemented a rigorous assessment and compliance program that includes ISO 27001:2013 certification, completion of the TruSight assessment, internal and external audits, and independent penetration testing.

ISO 27001 Certified (Information Security Management System)

The international acceptance and protection of our client’s information is the key reason why certification to this standard is at the forefront  of McConnell Jones’s approach to information security. McConnell Jones’s achievement of ISO/IEC 27001 certification points to its commitment to making good on client promises from a business, security compliance standpoint. Currently, the Firm is audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively.

The scope of the ISMS includes the confidentiality, integrity, and availability of the information systems supporting the following:

  • Audit and Assurance Services
  • Tax and Accounting Services
  • Consulting Services

The scope is inclusive of all McConnell Jones employees, contractors, sub-contractors and their respective facilities supporting the services above.

Click here to view our ISO/IEC 27001 certificate. A copy of Statement of Applicability and Audit report can be requested by contacting our security department at or your McConnell Jones representative.



TruSight is a third-party risk-assessment utility created by leading US banks for the collective benefit of financial institutions, their suppliers, partners, and other third parties. TruSight simplifies assessments by executing best-practice, standardized evaluations once and making them available to many organizations, enabling financial institutions to gain greater visibility into potential risks and manage third-party relationships more efficiently and effectively.

The foundation of TruSight’s methodology is the robust, standardized Best Practices Questionnaire (BPQ) created by TruSight’s founding banks and updated in partnership with their customers and industry experts. Its 27 diversified control domains are designed to meet the industry’s evaluation needs across the categories of information and cyber security, privacy, business resiliency, and other operational risk domains.

For McConnell & Jones, TruSight conducted a rigorous and comprehensive assessment of the Firm’s information security and compliance programs to validate the design and implementation of controls according to BPQ requirements. The comprehensive validation procedures included structured inquiries, policy and procedure inspections, reviews with supporting evidence, and onsite dynamic control observations.

In November 2021, TruSight issued its first risk assessment of McConnell Jones, Comprehensive Assessment of McConnell & Jones, LLP. McConnell Jones now undergoes annual TruSight reviews to ensure that the assessment remains current and reflects new regulatory requirements and technology updates in McConnell & Jones systems.

To purchase the Comprehensive Assessment of McConnell & Jones, LLP report, contact or visit the TruSight website. TruSight updates its assessment annually of our cloud services to ensure alignment with the latest regulatory requirements and advancements in Microsoft technology.

Internal Audits

McConnell Jones has a rigorous internal audit schedule that is completed annually. The internal audit function is responsible for testing compliance with ISO 27001 controls, business process improvement, our NIST 800-53 controls, and internal control structure.

Penetration Testing

McConnell Jones performs periodic pen testing with 3rd party experts against all of our systems. Testing includes internal and external facing systems.

How Can Our Unique Perspectives Assist You?

If you have any questions or just want to reach out to one of our experts, use the form and we’ll get back to you promptly.