The Pragma group celebrates ISO 27001 certification


Achieving ISO 27001 certification is no small feat for any organisation. For the Pragma group, it took two years, significant financial investment and a massive company-wide effort – well worth it for the value that the certification will add to the company and its clients. Pragma is now celebrating this recent achievement and joins a group of approximately 200 South African businesses that have also successfully been certified.

Darryl Lampert, Pragma’s Chief Information Officer, explains that in simple terms, ISO 27001 certification is an international standard for managing information security. Certification is voluntary, and it requires organisations to take a risk-based approach to how they manage all data, particularly sensitive data. The requirements are rigorous, and the outcome is a collection of controls that ensure security practices are of a high standard.

While ISO 27001 certification is not a requirement for POPIA and GDPR compliance, it demonstrates to the regulators that a company has an Information Security Management System (ISMS) in place. In addition, many of the requirements for ISO 27001, POPIA and GDPR overlap.

“By becoming certified, we are meeting internationally recognised requirements to control and minimise our IT risks,” says Darryl, “and we are providing significant evidence to our staff, clients, contractors and the information regulators in the EU and SA that we take cybersecurity risk and management very seriously.”

The effects of cybercrime on a company’s brand reputation and financial stability can be devastating. In March 2022, a local credit reporting agency was held to ransom by a hacker group demanding $15 million (R225 million) for over four terabytes of compromised data [1]. In May 2022, one of South Africa’s leading pharmacy retailers was the victim of a cyberattack in which their third-party service provider was hacked, leading to the personal details of more than three million clients being compromised [2].

“Cybercrime is a harsh reality, and so we didn’t want to approach certification indifferently as a clinical tick-box exercise simply to make our company look safe,” says Darryl. “We were intentionally seeking the real benefits of certification for our cybersecurity, mainly improving our overall cybersecurity posture.”

Achieving certification was very much a team effort. “We are indebted to external consultant Alistair Corder from Apliso for his expertise and support every step of the way. Leon Swart from Sancert and his team provided valuable guidance prior to the certification audit. Internally, there was a combined effort from ICT, R&D Support and Development, HR and Finance. It’s important to be aware that managing information security in a company isn’t the sole responsibility of ICT – it needs to be part of the company culture,” says Darryl.

Being ISO 27001 certified does not prevent a company from being hacked. No company is safe from this, no matter what measures they have in place and how much money they spend. “What certification does do is give our clients the peace of mind that we take our cybersecurity very seriously and have the systems in place to address our risks in an internationally recognised way. Cybersecurity is a journey and not a destination,” Darryl concludes.

 

  1. https://businesstech.co.za/news/cloud-hosting/569658/transunion-cyber-attack-hackers-demand-r225-million-ransom/ accessed 4 August 2022
  2. https://www.itweb.co.za/content/PmxVE7KEABOqQY85 accessed 4 August 2022

 

