Cimas Health Group has announced its successful transition to the ZWS ISO/IEC 27001:2022 certification, marking a significant advancement in the organisation’s information security framework and reinforcing its commitment to protecting client and member data.
The latest certification, issued following a rigorous audit by the Standards Association of Zimbabwe, represents an upgrade from the earlier ISO/IEC 27001:2013 standard previously attained by the healthcare provider. The audit was conducted at the group’s Head Office in Borrowdale Office Park, Harare, and confirmed compliance with globally recognised best practices in information security management.
According to Chief Executive Officer Vuli Ndlovu, the certification underscores the organisation’s unwavering focus on confidentiality, integrity, and operational excellence. He noted that the transition reflects alignment with evolving international standards and highlights the group’s dedication to strengthening its systems against emerging cyber threats.
“This achievement confirms that we operate a world-class Information Security Management System designed to safeguard the integrity and confidentiality of our members’ and clients’ information,” said Ndlovu.
The ISO/IEC 27001:2022 certification introduces more robust requirements for managing information security risks, particularly in an increasingly digital healthcare environment. To meet these standards, Cimas Health Group implemented extensive upgrades to its information technology infrastructure, while also enhancing internal processes such as staff training, governance structures, and risk assessment protocols.
The certification process involved a comprehensive evaluation of the group’s Information Security Management System (ISMS), which governs how digital and physical information is handled across the organisation. This includes strict controls on data access, secure handling of patient records, and continuous monitoring systems designed to detect and respond to cyber incidents.
Ndlovu emphasised that the strengthened ISMS framework not only protects technology systems but also ensures that employees and operational processes adhere to strict data protection protocols. He added that the organisation has introduced advanced cyber-incident detection and response mechanisms to proactively manage potential threats.
The achievement positions Cimas Health Group as a leader in healthcare data security in Zimbabwe, having been among the first medical service providers in the country to attain ISO/IEC 27001 certification as part of its broader digital transformation journey.
The new certification provides assurance to members, partners, and stakeholders that sensitive information entrusted to the organisation is handled in accordance with internationally recognised security standards.
Cimas Health Group reiterated its commitment to continuously improving its systems to maintain trust and uphold the highest standards of data protection in an evolving digital landscape.