CIMAS Health Group, a medical aid society in Zimbabwe, has attained ZWS ISO/IEC 27001:2013 certification.
The group says the development means that it has a world-class Information Security Management System in place that ensures the security and confidentiality of clients’ information.
The Information Security Management System (ISMS) addresses how CIMAS’ technology handles information and how the people and processes within CIMAS handle its members’ and patients’ information securely.
ZWS ISO/IEC 27001:2013 emphasises confidentiality, with information only being disclosed when appropriate to authorised parties, integrity, and the availability of information so that it is available when needed to help deliver services.
To become certified, CIMAS made improvements to its information technology structure and various other aspects of its security, including training and risk assessment, before going through the rigorous audit and certification process with the Standards Association of Zimbabwe at its head office at Borrowdale Office Park in Harare.
It passed the audit and certification process carried out by the Standards Association of Zimbabwe, which is an ISO certification body.
Speaking at the certificate handover ceremony held at the Cimas Head Office on the 28th of September 2022, CIMAS Chief Operating Officer, Thando Kembo said:
We have taken measures to minimise the risk of our customers’ information falling into unwanted hands.
We care about our clients’ private, confidential and privileged information and have therefore taken appropriate control measures to protect that information.
Kembo added the certification should reassure members and other stakeholders that their confidential information is safe.