Cimas attains ISO information security management certification

Press Release

Wednesday 28 September 2022

Cimas Health Group has attained ZWS ISO/IEC 27001:2013 certification. This means that it has a world-class Information Security Management System in place that ensures the security and confidentiality of clients’ information.

The Information Security Management System (ISMS) not only addresses how Cimas’s technology handles information but also how the people and processes within Cimas handle its members’ and patients’ information securely.

Crucial in complying with ZWS ISO/IEC 27001:2013 are confidentiality, with information only being disclosed when appropriate to authorised parties, integrity, meaning that stored information is accurate, and the availability of information so that it is available when needed to help deliver services. To become certified Cimas made improvements to its information technology structure and various other aspects of its security, including training and risk assessment, before going through the rigorous audit and certification process with the Standards Association of Zimbabwe at its head office at Borrowdale Office Park in Harare.

It passed the audit and certification process carried out by the Standards Association of Zimbabwe, which is an ISO certification body.

Cimas has created a security culture among all its employees and providers of services so that they prioritise information security and live that culture in practice.

“We have taken measures to minimise the risk of our customers’ information falling into unwanted hands,” the Cimas Chief Operating Officer, Thando Kembo said at the certificate handover ceremony held at the Cimas Head Office on the 28th of September 2022.

“We care about our clients’ private, confidential and privileged information and have therefore taken appropriate control measures to protect that information,” she said, adding that Cimas was continuously improving on its Information Security Management System.

“Cimas is following international best practices to mitigate the possibility of cyber threats. We have in place cyber incident response and management processes to monitor and respond to any cyber-attacks,” she said.

“Our ZWS ISO/IEC 27001:2013 certification should reassure our members and other stakeholders that their confidential information is safe with us and that we are compliant with the international standard for ensuring the security of any information we hold related to them,” she added.