Cimas Health Group has attained ZWS ISO/IEC 27001:2013 certification, a world-class Information Security Management System that ensures the security and confidentiality of clients’ information.
This makes Cimas the first institution to be certified with this standard.
The Information Security Management System (ISMS) not only addresses how Cimas’s technology handles information but also how the people and processes within Cimas handle its members’ and patients’ information securely.
“We have taken measures to minimize the risk of our customers’ information falling into unwanted hands,” said Cimas Chief Operating Officer, Thando Kembo at the certificate handover ceremony held at the Cimas Head Office.
“We care about our clients’ private, confidential and privileged information and have therefore taken appropriate control measures to protect that information,” she said, adding that Cimas was continuously improving on its Information Security Management System.
Crucial in complying with ZWS ISO/IEC 27001:2013 are confidentiality, with information only being disclosed when appropriate to authorised parties, integrity, meaning that stored information is accurate, and the availability of information so that it is available when needed to help deliver services.
To become certified Cimas made improvements to its information technology structure and various other aspects of its security, including training and risk assessment, before going through the rigorous audit and certification process with the Standards Association of Zimbabwe at its head office at Borrowdale Office Park in Harare.
It passed the audit and certification process carried out by the Standards Association of Zimbabwe, which is an ISO certification body.
Cimas has created a security culture among all its employees and providers of services so that they prioritise information security and live that culture in practice.
“Cimas is following international best practices to mitigate the possibility of cyber threats. We have in place cyber incident response and management processes to monitor and respond to any cyber-attacks,” said Kembo.
“Our ZWS ISO/IEC 27001:2013 certification should reassure our members and other stakeholders that their confidential information is safe with us and that we are compliant with the international standard for ensuring the security of any information we hold related to them,” she added.