A raft of recent cyber security incidents within Australia including those with Medibank and Optus, together with the increased awareness of obligations with respect to Australian and European data protection laws, it’s no surprise to learn of moves that favour selecting development partners that take their client’s data protection obligations very seriously.
At CIBIS, we’ve always considered this a priority, however, we are now in the process of going one step further in our journey towards gaining ISO 27,001 accreditation.
Gaining ISO accreditation requires an investment of many tens of thousands of dollars and hundreds of hours of time, but compliance isn’t just about avoiding something bad like a data breach. It about building a secure foundation for us and our customers and by having formalised systems and organisational controls in place.
The requirements for us to manage and store customer data is based around key criteria including managing the security, availability, processing integrity, confidentiality, data privacy and more. In short it's about developing an Information Security Management System.
It’s going to require us to extensively review our policies and processes and be subject to external audit, but we believe it demonstrates a commitment to security and will provide an important differentiator going forward when compared with other providers who do not maintain these standards.