By Judith Matanire
Cimas Health Group has attained the upgraded ZWS ISO/IEC 27001:2022 certification, reinforcing its commitment to safeguarding client and member data in line with international standards.
The certification marks a transition from the earlier ISO/IEC 27001:2013 standard and positions the health services provider among the first in Zimbabwe’s medical sector to reach this milestone as part of its ongoing digital transformation.
Speaking on the development, Chief Executive Officer Vuli Ndlovu said confidentiality, integrity, and operational excellence remain central to the organisation’s operations.
He noted that the ISO/IEC 27001:2022 certification reflects the group’s alignment with globally recognised information security standards and demonstrates its continued investment in protecting sensitive data.
To meet the updated requirements, Cimas implemented upgrades to its information technology infrastructure, alongside strengthening internal processes such as staff training, governance frameworks, and risk assessments.
The certification followed a comprehensive audit by the Standards Association of Zimbabwe at the group’s head office in Borrowdale, Harare.
Ndlovu said the achievement confirms that the organisation operates a robust Information Security Management System designed to ensure the security, integrity, and confidentiality of client information.
As part of its cybersecurity framework, the group has also put in place systems to detect, respond to, and manage cyber threats, while ensuring employees and internal processes align with strict data protection protocols.
The latest certification provides assurance to members, partners, and stakeholders that their information is being handled in accordance with internationally recognised best practices.
Cimas said it remains committed to maintaining strict control measures to protect all confidential and sensitive data entrusted to the organisation.
