In a pioneering move for the Australian energy industry, Endeavour Energy has achieved ISO 27001:2022 certification for its Information Security Management System (ISMS)—the internationally recognised standard for cyber and information security management.
The certification, which covers 20 physical locations including 16 critical substations and control rooms, ensures secure, reliable services across Endeavour Energy’s critical infrastructure, including data centres, training rooms, and secondary systems.
Related article: World-first cybercrime index ranks countries by threat level
It marks a significant milestone in the company’s ongoing commitment to ensuring the security of its customers, critical infrastructure, and the broader energy sector against the growing threat of cyberattacks.
“As we move towards an increasingly smarter grid, cybersecurity remains one of our top priorities,” Endeavour Energy CEO Guy Chalkley says.
“The protection of our assets, systems, and customer data is critical to maintaining the safety and reliability of energy supply, supporting the clean energy transition, and enabling customers to confidently connect their energy resources to the grid.
“This certification sets a new standard for cybersecurity within the Australian energy sector. It supports secure, bidirectional energy flows powered by our advanced grid management technologies, reinforcing our commitment to building a cyber-resilient future for our business and customers.”
The ISO 27001:2022 certification is a vital step in Endeavour Energy’s efforts to integrate both Operational Technology (OT) and Information Technology (IT) systems, bolstering its cyber resilience across both domains.
Related article: Improving the cyber resilience of Australia’s energy sector
To enhance its cybersecurity posture and achieve ISO 27001:2022 certification, Endeavour Energy partnered with cybersecurity and cloud services provider CyberCX.
CyberCX played a crucial role in helping Endeavour Energy meet its requirements under the Security of Critical Infrastructure (SOCI) Act, developing a comprehensive ISMS covering both Information and Operational Technology.