One of Zimbabwe’s leading health services providers says it has strengthened its data protection systems after transitioning to a new international information security standard.
Cimas Health Group announced it has adopted the ZWS ISO/IEC 27001:2022 certification, a globally recognised benchmark for information security management systems (ISMS). It replaces the ISO/IEC 27001:2013 certification the organisation previously held.
The organisation described the transition as a significant step in its digital transformation journey, adding that it was the first medical services provider in Zimbabwe to obtain the earlier certification.
Chief executive Vuli Ndlovu said protecting members’ and clients’ information remained a core priority.
“Confidentiality, integrity, and operational excellence are central to how Cimas Health Group operates,” he said.
He added that the updated certification reflects the organisation’s alignment with international best practice and its commitment to strengthening information security governance.
The ISO/IEC 27001:2022 standard places greater emphasis on risk management, cyber resilience and continual improvement of security controls.
Cimas said it implemented upgrades to its information technology infrastructure and enhanced internal processes, including staff training, risk assessments and governance frameworks, in order to meet the new requirements.
Those systems were independently assessed through what the company described as a “rigorous audit” conducted by the Standards Association of Zimbabwe at its head office in Borrowdale Office Park, Harare.
Ndlovu said the certification confirms that the organisation operates “a world-class Information Security Management System designed to protect the security, integrity, and confidentiality of members’ and clients’ information”.
He added that the group has established cyber-incident detection, response and management processes to monitor and address potential threats.
“Our Information Security Management System not only governs how we manage and protect technology-related information but also guides how our people and internal processes securely handle members’ and patients’ data,” he said.
The company said the certification offers reassurance to members, partners and stakeholders that sensitive information is managed in line with internationally recognised standards.
“We value the private, confidential, and privileged information entrusted to us, and we have implemented rigorous control measures to ensure it remains fully protected,” Ndlovu said.

