CIMIC Group companies CIMIC, CPB Contractors, Broad, UGL, Sedgman and EIC Activities have achieved ISO 27001 accreditation – the international standard for Information Security Management.
ISO 27001 accreditation demonstrates the advanced information management, cyber security, and data protection CIMIC Group has in place, supporting our operations, clients and partners, and our ongoing digitisation.
Globally recognised, ISO 27001 specifies a framework of strict requirements and controls for building and continually improving an information security management system, and for readiness to manage any consequences of information security incidents.
Our Group’s unified ONE IT team led successful completion of the rigorous independent assessment process – building on their foundational work which has connected the Group’s ICT systems, technologies and processes.
Rob Stuart, CIMIC Executive General Manager Information Systems and Digital Innovation said:
“ISO 27001 accreditation confirms CIMIC Group has built a powerful and secure digital work environment, which is supporting our operations, software development capability and ongoing digitisation.
“Certification also provides our clients and partners with assurance of our information security management system’s reliability, compliance with legal and contractual requirements related to information security, and interoperability via secure digital interfaces. Confidence in our system security helps the Group to win major projects and develop outstanding solutions with our stakeholders.
“ISO 27001 accreditation is another milestone achievement as we progress Integrated Digital Delivery. Continuously improving systems and security enables us to embed and connect digital solutions across our capabilities, in every phase of work, improving sustainable delivery and services. Thank you to all involved at ONE IT and our Operating Companies.”
ISO 27001 – Information Security Management System certification
The ISO 27001 accreditation process included a comprehensive audit confirming CIMIC Group:
- Examines information security risks, taking account of the threats, vulnerabilities, and impacts
- Designs and implements information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address unacceptable risks
- Adopts a management process to ensure that the information security controls continue to meet the organisation’s information security needs on an ongoing basis.