Latest news with #informationsecurity

News.com.au
3 days ago
Optus sued over 2022 data breach that exposed data of 9.5m people
Optus is being sued for allegedly failing to protect the data of 9.5 million people. The Australian Information Commissioner announced on Friday it was launching the legal action. The case stems from a data breach in September 2022. The Information Commissioner will argue Optus failed to adequately manage cybersecurity and information security risk.

'Organisations hold personal information within legal requirements and based upon trust,' commissioner Elizabeth Tydd said. 'The Australian community should have confidence that organisations will act accordingly, and if they don't, the OAIC as regulator will act to secure those rights.'

An Optus spokesperson said the company would 'consider the matters raised in the proceedings and will respond to the claims made by the AIC in due course'. 'Optus apologises again to our customers and the broader community that the 2022 cyber attack occurred,' the spokesperson said. 'We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had.' Optus would keep investing in security, the spokesperson said, and the cyber threat environment was evolving. 'As the matter is now before the Australian courts, Optus will not be commenting further at this time,' they said.

Australian Privacy Commissioner Carly Kind said strong data governance and security needed to be embedded in organisations. 'To guard against vulnerabilities that threat actors will be ready to exploit,' Ms Kind said.

The lawsuit alleges that from on or around October 17, 2019 to September 20, 2022, Optus seriously interfered with the privacy of about 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The case is being pursued as an alleged breach of the Privacy Act 1988. The Information Commission alleges Optus failed to adequately manage cybersecurity and information security risk in a manner commensurate with the nature and volume of personal information that Optus held, the company's size and its risk profile.
Yahoo
5 days ago
FCS Achieves ISO 27001 Certification, Strengthening Information Security Commitment
Certification Validates FCS's Proactive Approach to Risk Management, Compliance and Operational Transparency

IRVINE, CALIFORNIA / / August 5, 2025 / FirstCarbon Solutions (FCS), an ADEC Innovation, announces today that it is ISO 27001 certified, a globally recognized standard for information security management. This milestone reinforces FCS's dedication to safeguarding client data, enhancing operational integrity, and maintaining the highest standards of security across its services.

To earn this certification, FCS implemented a comprehensive Information Security Management System (ISMS), which included the development and documentation of 100+ new policies. The process involved identifying potential risks, establishing robust controls to mitigate them, and ensuring compliance with all relevant legal and regulatory requirements.

The certification process included a series of internal audits to evaluate and refine existing procedures. Following these, FCS underwent a two-stage external audit. The first focused on reviewing documentation to ensure it met ISO standards. The second involved a thorough assessment of day-to-day operations across the company to confirm that practices matched documented policies.

ISO 27001 certification demonstrates a high level of commitment to information security, which is increasingly required by clients and partners, particularly in industries where data protection is critical. This certification enhances FCS's ability to secure new projects and meet the expectations of organizations with specific security requirements.

For employees, this certification supports business development efforts and strengthens FCS's reputation during client negotiations. It also reinforces a workplace culture that prioritizes data security and operational excellence. Clients benefit from the assurance that their data is managed with internationally recognized safeguards, reducing the risk of breaches and enhancing trust in FCS's services.

"FCS is proud to announce this next level in assurance for our clients, partners, and teams," said Patrick Schultz, Executive Vice President, FCS. "Our work in creating positive impact and value involves data that is both public and proprietary, environmental and organizational, objective and subjective, and our ISO 27001 certification demonstrates our commitment to protecting that data in a landscape that is continually evolving from both a regulatory and security standpoint."

While ISO 27001 is held by tens of thousands of organizations worldwide, FCS joins a select group of firms in its sector that have made this level of investment in security infrastructure and compliance.

About FCS
With more than 42 years of experience, FirstCarbon Solutions (FCS), an ADEC Innovation, is a leading provider of fully integrated environmental risk, compliance, and assurance solutions. With six offices throughout Northern and Southern California and 12 across the U.S., FCS provides excellent localized service, accurate research, thoughtful recommendations, and innovative development, mitigation, and compliance solutions to achieve the delicate - and sometimes elusive - balance between development and environmental protection. For more information, visit

About ADEC Innovations
ADEC Innovations, a leading provider of integrated expertise, software, data, and people, delivers solutions across Environmental Risk, Compliance & Assurance; Sustainability & ESG; and Outsourcing & Impact Sourcing. For nearly 30 years, ADEC Innovations has advanced sustainable business and operational practices around the world by harnessing and transforming information into knowledge and reshaping risk into positive impact and value. With a network of 4,000 employees across 24 countries, ADEC Innovations develops and offers innovative products and services that help governments, coalitions, and businesses worldwide meet their evolving needs and drive organizational value in a world where impact matters. For more information, visit

Contact Information
Jacki Fricke
Director, Marketing
media@

SOURCE: FirstCarbon Solutions
View the original press release on ACCESS Newswire


Zawya
6 days ago
Yusuf Bin Ahmed Kanoo Group achieves ISO 27001:2022 Certification
Manama, Bahrain – Yusuf Bin Ahmed Kanoo Group (YBA Kanoo) has achieved a significant milestone by obtaining the ISO 27001:2022 certification, reflecting its ongoing commitment to strengthening information security, enhancing internal systems, and aligning with international standards. This certification underscores the Group's dedication to protecting its data assets and maintaining the trust of its clients, partners, and stakeholders. The implementation of ISO/IEC 27001:2022 not only reinforces YBA Kanoo's internal controls but also improves operational efficiency by reducing time, cost, and risks associated with human error. It also demonstrates the company's commitment towards maintaining robust and resilient security practices. In line with its core values and commitment to staying ahead of evolving global standards, YBA Kanoo is exploring additional initiatives to further strengthen its information security posture. This includes investing in advanced security technologies across the group. Looking ahead, YBA Kanoo remains committed to continuous improvement and the adoption of advanced security practices. The Group continues to align with global standards, investing in new technologies, and promoting a culture of accountability to protect stakeholder interests and support long-term operational excellence.


Globe and Mail
30-07-2025
MetaField Achieves ISO and SOC 2 Certifications, Reinforcing Commitment to Security and Operational Excellence
MINNEAPOLIS, July 30, 2025 (GLOBE NEWSWIRE) -- MetaField, the leading field and lab workflow platform for construction materials testing, geotechnical engineering, and inspection firms, has successfully completed ISO 27001, SOC 2® Type 1, and SOC 2® Type 2 certification audits. This achievement validates the strength and maturity of MetaField's information security, availability, and confidentiality controls, and marks a significant milestone in MetaField's mission to provide its customers with trusted, secure, and high-performing solutions.

Achieving these certifications requires months-long, rigorous evaluations by independent third-party auditors. The process involved an extensive audit of MetaField's internal systems, policies, procedures, and risk management practices—ensuring compliance with globally recognized standards for protecting client data and ensuring operational resilience.

A Rigorous, Multi-Phase Verification Journey

Securing these certifications involved an extensive, organization-wide initiative that included:

• ISO 27001: Demonstrating the design and implementation of a comprehensive Information Security Management System (ISMS) aligned with global standards.
• SOC 2 Type 1: Verifying that essential security and compliance controls were properly designed at a point in time.
• SOC 2 Type 2: Proving the effectiveness of those controls over time—ensuring sustained operational integrity and maturity across systems and processes.
• NQA-1 Audit: Alongside the ISO and SOC 2 audits, Agile Frameworks participated in a client-led NQA-1 audit as part of their software vendor approval process. Following a rigorous four-week, seven-step evaluation, MetaField was found to be in compliance with applicable NQA-1 2008/2009a requirements and was added to the client's Approved Supplier List for the MetaField software—further reinforcing our commitment to quality, security, and traceability.

'As firms continue to increase their reliance on 3rd party software solutions, they are expecting them to meet these rigorous standards. MetaField does that. This was an intensive, organization-wide effort that validates the trust our customers place in us,' said David Gagne, CEO of Agile Frameworks. 'From field data collection to lab workflows and reporting, our customers handle sensitive operational data every day. These certifications confirm that MetaField meets the highest standards for securing that data, maintaining system availability, and ensuring integrity across the platform.'

Security as a Key Software Evaluation Factor

With rising cybersecurity threats and increasing scrutiny on data governance, software buyers in the engineering services industry must evaluate not only functionality—but security, compliance, and vendor accountability.

'We know that our customers' data—especially their field and lab test results—is foundational to the quality of work they deliver to their clients,' said Alicia Schimke, CTO of Agile Frameworks. 'These certifications mean our clients don't have to compromise—MetaField provides secure, audit-ready engineering software that supports compliance, uptime, and client confidence.'

Trusted by Industry Leaders

By achieving these certifications, MetaField gives construction materials testing, geotechnical, and inspection firms confidence that:

• Their operational and testing data is protected by ISO 27001 and SOC 2-compliant controls
• Systems are continuously monitored and resilient against cyber threats
• Internal governance and risk management practices are proactively enforced
• Their software partner is investing in long-term security and compliance

These assurances reinforce MetaField's commitment to being a trusted, secure, and forward-looking partner for the industry's most discerning firms.

About MetaField

MetaField is the leading field and lab Operational Workflow Platform that transforms the way engineering services firms deliver. By integrating every step of the workflow – from scheduling to field data collection and lab analysis, to reporting, client delivery, and invoicing – MetaField enables firms to streamline operations, improve data accuracy, and maximize profitability. Developed and supported by Agile Frameworks, MetaField demonstrates a steadfast commitment to empowering firms in achieving operational excellence. As North America's leading provider, we bring 14 years of expertise and are trusted by over 150 companies across the continent. Our solutions cater to engineering services firms specializing in construction materials testing, geotechnical engineering, inspections, and beyond. For more information about MetaField, visit


Forbes
15-07-2025
Implementing A Clear Desk Policy: A Practical Guide
Bojan Ilic – Chairman & Global Director at Swiss Security Solutions, expert in Security & Investigations.

In today's corporate culture, information security is not an afterthought in the back office, but a priority in the boardroom. One of the simplest but most underappreciated elements of a good information security and data protection position is the clear desk policy (CDP). While the premise may seem simple—emptying desks of clutter and sensitive documentation—its strategic and regular enforcement is anything but a trivial exercise. Having helped lead the development and enforcement of a clear desk program at a large consulting firm, I've seen firsthand how this policy can mitigate risk, improve accountability and strengthen data protection culture across multiple jurisdictions and business units.

Why A Clear Desk Policy Matters

A clear desk policy ensures sensitive documents and electronic devices are secured away when not used, particularly at the close of business. It reduces the likelihood of data compromise, insider threats and unauthorized disclosures. And even more importantly, it reflects a company's commitment to operating discipline and professional responsibility.

The value of CDPs holds true in both multinational companies and high-risk businesses. The consulting firm we worked with, for instance, deployed the policy with military-style precision across some of its offices, supported by real-time audit logs, sweep operations, exception handling and multi-role accountability chains. Clear desk enforcement helped the firm reduce data exposure and created a culture of information stewardship. Even the smallest lapses, such as an unattended laptop or a confidential file left open, can become major liabilities. A well-implemented clear desk policy reinforces security at every desk, every night.

What Is An ISO 27002 Clear Desk And Clear Screen Policy?

While big four companies and other consulting firms, like banks, insurance companies and financial institutions, are not IT firms, the nature of their work—advising clients on financial, legal and strategic matters—demands a rigorous approach to data protection. When I helped implement a clear desk policy across multiple offices, our aim wasn't compliance for the sake of it but to create a culture where securing information was second nature. Whether it's a misplaced laptop or a document left on a desk, the risks are real, even in non-tech industries. The ISO 27002 Clear Desk & Clear Screen Policy provides guidelines for protecting information and physical assets in the office.

Key Components Of An Effective CDP

Drawing from effective operational frameworks for these policies, here's a guide to implementing a clear desk policy that works:

Your policy should define who is responsible for what. In my experience, this includes:

• Sweep teams: Conduct physical desk checks after hours. This is usually the responsibility of security services, protection services or security guard teams.
• Facility management (FM): Verify asset ownership and update breach logs.
• Security managers: Own the process, handle escalations, and ensure compliance across locations.

Each role should be backed by clear SOPs to ensure consistency.

From breach notices to digital logs, transparency is key. For our client, every seized laptop was logged with a unique asset number, accompanied by a physical breach notice. The database tracked who, what, when and where, which served as a critical foundation for auditing and continuous improvement.

Progressive enforcement is critical. We have used a graduated response system:

• First breach: Reminder and policy reference.
• Second breach: Mandatory security briefing.
• Third/fourth breach: Tailored disciplinary action and leadership involvement.

Unattended devices should be placed in secure cabinets. Retrieval can then require identity verification and signature, reinforcing the seriousness of the breach.

In our client's case, exceptions were allowed but tightly controlled. Assets left running for legitimate business reasons can be tagged with exception authorizations. Permanent exemptions, such as for IT or HR rooms, can be made conditional and revocable upon noncompliance.

Education is essential to driving cultural change. In my mandate, employees received tailored guidance documents upon breach and were directed to centralized policy resources.

Lessons Learned From The Field

Here are some practical insights from managing a CDP at scale:

• Consistency beats intensity. Policies must be enforceable across all business units, not just HQ.
• Technology is not enough. A fancy asset tracking system fails without human diligence.
• Culture trumps policy. Empower staff to understand 'why' they must comply, not just 'what' they must do, and give employees rules and best practices. For example:

1. Clear up the workplace at the end of each day.
2. Secure your devices and data units (such as external drives and USB sticks).
3. No passwords on display or simply hidden in the office.
4. Use lockable storage for sensitive internal or client documents.
5. Employees should conduct regular self-checks.

Final Thoughts

A well-implemented clear desk policy is more than a checkbox; it's a front-line defense against data loss and reputational harm. By embedding it into daily operations and holding teams accountable, organizations can elevate their security maturity without complex tools or expensive software.

If your organization handles sensitive data, and most do, then implementing or refining your clear desk policy is a simple, strategic win. A strong clear desk policy isn't just compliance; it's culture. And as someone who's helped enforce this at one of the world's most demanding firms, I can tell you: It's the small things that protect the big picture.