CreditWorks Achieves ISO 27001 Certification

August 29, 2022

CreditWorks Group is delighted to announce it has achieved ISO 27001 Certification, making it the first and only trade credit bureau in New Zealand to have achieved the globally recognised accreditation.

ISO 27001, the international marque for best practice in Information Security, is widely accepted as the world’s best framework for excellence in data risk management.

“Achieving ISO Certification is huge for our CreditWorks team, and it has absolutely been a collective effort across the business,” says CreditWorks Group Founder & CEO, Ronnie Tan.

“A lot of processes need to be created, both around risk management and the streamlining of procedures, to truly enable the creation of a company-wide risk averse culture in your business”, adds Mr. Tan.

It normally takes around 12 months to achieve ISO 27001 Certification. CreditWorks Group started its ISO journey in April 2021 and achieved certification in June 2022.

“We probably took a little longer than planned, due in part to Covid impacts, but we were not in a hurry either, given the importance of security to our business. Data security is paramount to CreditWorks, given our business is all about data,” says Mr. Tan.

“You must give everything due process, formalise the informal, and document all of your change controls. So much needs to happen just to get to the operational phase, before even starting to get ready for assessment. The assessment audit itself is particularly rigorous, over a 3-day period, it’s quite a process, so it’s fantastic we have reached this major milestone for the industry”, says Mr. Tan.

Now that CreditWorks has achieved ISO 27001 Certification it will have to consistently demonstrate an ongoing ability to live it each day. The group will be audited twice annually accordingly.



ISO 27001 Certification sets out the requirements of information security management systems. It is part of the ISO 27000 family of standards relating to information and cyber security and offers a comprehensive set of controls, based on best practice in information security.

The requirements for ISO 27001 include 10 management system clauses and 114 information security controls (Annex A). The implementation of the clauses is mandatory for certification, whereas a risk assessment determines which controls are needed. It requires commitment from every aspect of your organisation and will only be effective if you enable the culture shift necessary to embrace it properly.

All news