Toll achieves ISO 27001 certification


We are proud to announce that Toll is now ISO 27001:2013 certified.   

Achieving this certification means that the business has proven its readiness and proactivity to provide a high standard of security governance in the face of volatile and ever-changing global threats.

Not only does ISO 27001 certification help demonstrate good security practices, thereby improving customer and business partner confidence, but it also provides a competitive edge in the marketplace.

“Being certified to ISO 27001 is acknowledgement that as an organisation, Toll has a clear, systematic, risk-based approach to managing the security of our information assets, and those of our partners and customers”, said Toll’s Chief Information Security Officer, Berin Lautenbach.   

To be recognised for ISO 27001 certification, we had to demonstrate that a system of controls known as an Information Security Management System (ISMS) is in place.  

This certification represents the culmination and reward of over two years of hard work that has taken place as part of our cyber resilience uplift, where we have invested heavily to carry out a comprehensive overhaul of our cybersecurity posture, following an integrated approach through people, processes and technology.  

Gaining ISO 27001 certification is a great reminder of the important role everyone plays in improving our cyber resilience, as well as strengthening relationships with our customers, and we look forward to your continued support for this vital work. 

What is ISO 27001?    

ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). The purpose of the ISO 27001 standard is to help preserve confidentiality, integrity and availability of critical business information assets. It does not necessarily mean that a particular organisation is secure, but certification to ISO/IEC 27001 demonstrates that an organisation has defined and put in place best-practice information security policies and processes.  

From an ISO 27001 perspective, to effectively manage its critical information assets, an organisation must have its different business processes across information security, physical security, human resources, compliance, legal and all other business processes working together to deliver security controls.