CIHI earns international information security certification

Meeting ISO 27001 standard demonstrates CIHI’s commitment to data protection

January 2015—The Canadian Institute for Health Information (CIHI) has received the ISO/IEC 27001:2005 certification of its Information Security Management System.

This certification recognizes that CIHI has met and exceeded one of the world’s most widely recognized standards for information security management.

“To produce timely, relevant health information for health system planners, decision-makers and all Canadians, we are entrusted with very sensitive data,” said CIHI’s president and CEO David O’Toole. “That access is a public trust—one we take very seriously. This ISO 27001 certification is a testament to CIHI’s commitment to protecting Canadians’ health information.”

The ISO 27001 standard is designed to help organizations manage the security of information assets. In CIHI’s case, that would include confidential personal health information. Certified organizations must meet very clear and exacting IT and operational standards, and be regularly audited and certified by an independent certification body. CIHI’s certificate is issued by the BSI Group, one of the world’s largest accredited certification bodies.

With this new certification, the Canadian public, as well as stakeholders in all levels of government, the health system and academia, can feel confident that CIHI is taking all steps necessary to protect sensitive data.