CreditWorks is New Zealand’s only ISO 27001 – Information Security Management – Certified Commercial Credit Bureau
ISO 27001 Secure
CreditWorks Group has been proudly holding ISO 27001 Certification since June 2022, solidifying its position as a leading trade credit bureau in New Zealand. As the first and only commercial credit bureau in the country to achieve this globally recognised accreditation, CreditWorks has long been committed to ensuring information security and upholding data risk management excellence.
ISO 27001 Certification: A Proven Standard in Information Security
ISO 27001 Certification stands as an international standard for best practices in Information Security Management Systems (ISMS). Part of the esteemed ISO 27000 family of standards dealing with information and cyber security, it offers a comprehensive set of controls based on industry best practices. The certification mandates 10 management system clauses and 114 information security controls (Annex A), ensuring that organisations maintain a secure environment for their data. Achieving this prestigious certification requires a steadfast dedication to information security and a proactive culture shift to embrace and enforce the best practices effectively.
Company-Wide Risk-Adverse Culture
“Achieving ISO Certification is huge for our CreditWorks team, and it has absolutely been a collective effort across the business,” says Ronnie Tan, CreditWorks Group’s Founder & CEO. “A lot of processes need to be created, both around risk management and the streamlining of procedures, to truly enable the creation of a company-wide risk-averse culture in your business,” he adds.
The Path to Certification
CreditWorks Group embarked on its ISO journey in April 2021 and successfully obtained the ISO 27001 Certification in June 2022. During the certification process, the company’s focus on data security, given its core business emphasis on data, played a crucial role in achieving this milestone.
Mr. Tan acknowledges, “We probably took a little longer than planned, due in part to Covid impacts, but we were not in a hurry either, given the importance of security to our business. Data security is paramount to CreditWorks, given our business is all about data.”
“You must give everything due process, formalise the informal, and document all of your change controls. So much needs to happen just to get to the operational phase, before even starting to get ready for assessment. The assessment audit itself is particularly rigorous, over a 3-day period, it’s quite a process, so it’s fantastic we have reached this major milestone for the industry,” says Mr. Tan.
Sustaining Information Security Excellence
Having achieved the ISO 27001 Certification, CreditWorks Group maintains a steadfast commitment to information security. The company consistently demonstrates its adherence to the certification’s standards and practices through biannual audits, ensuring that information security remains a top priority, and all measures are effectively implemented.
CreditWorks Group’s dedication to ISO 27001 Certification exemplifies its unwavering commitment to protecting sensitive data, providing clients and partners with unwavering confidence in their data security practices. As the trailblazer in achieving this prestigious certification among trade credit bureaus in New Zealand, CreditWorks sets a high benchmark for information security in the industry, positioning itself as a leader in data risk management.