Kenya Bureau of Standards (KEBS) conducted a blended (virtual and on-site) ISMS Recertification Audit from 19th May to 28th May 2021. Fourteen departments were sampled and audited. The audit objectives were to determine conformity of the University’s Information Security Management System with audit criteria, determine ability of management system to ensure the University meets applicable statutory, regulatory and contractual requirements and evaluate the system performance over the certification period. At the end of the audit it was the auditors’ conclusion that the University’s Information Security Management System meets the requirements of ISO/IEC 27001:2013 Standard. The auditors recommended UoEm recertification to ISO/IEC 27001:2013 for a period of three years from 2021 to 2024.