As health professionals, we take our commitment to digital privacy and security seriously. To ensure our stringent measures meet the highest standard, KINNECT has attained the global ISO27001 Information Security Management Systems Certification.
ISO27001 is a voluntary standard. However, after recent data breaches by major organisations such as Optus, Latitude, and Medibank, it has become a requirement for large multi-national companies.
While not a compulsory regulation in our industry, at KINNECT, we felt that it was important to acquire given the confidentiality requirements for health care provision, and the nature of our SaaS solution Carelever which stores health data. This new certification adds to our existing ISOs: 90001 Quality Management and 14001 Environmental Management Systems.
In May 2024, the certification was awarded to KINNECT as “A national provider of Occupational Health & Workplace Rehabilitation services, including injury prevention and management, and pre-employment services, to public private and government sectors with support of cloud based Carelever Software across Australia as per the Statement of Applicability v1.0”. Certification involved a lengthy and thorough evaluation process during which a third party determined whether our IT policies, processes and usage pertaining to information security, cybersecurity and privacy protection met the security standards detailed under ISO27001.
KINNECT’s IT team began the two-phase certification process in May 2023, creating an Integrated Management System (IMS) manual and quality assurance documents. The team sought expert assistance from an external party, Compass Assurance Services, to help us prepare for the Phase 1 audit in December 2023. This audit was conducted to ensure we complied with the ISO requirements before the formal audit was conducted in Phase 2 in March 2024.
The ISO27001 certification will give both KINNECT and Carelever clients reassurance that our information security is managed to a globally recognised standard and will reduce the time taken to prepare the quality assurance documentation that clients need to work with us.
Beyond ensuring compliance with regulations, the certification demonstrates our commitment to operating with enhanced security measures for our clients. It has also sharpened our risk management and business processes when it comes to cybersecurity. KINNECT ensures client and employee data security across all platforms we use, including Carelever, using multi-factor authentication (MFA). All data is stored on the Amazon Web Services Asia Pacific Region in Sydney, which offers a highly available and resilient service with built-in firewalls, a unique user setup with MFA, security logs, and asset identification and configuration.
For further information on our data security measures, please contact us.