Palladium recently passed its ISO 27001:2013 audit with exceptional results, further strengthening its position as a leader in information security and resilience. The audit, which assessed the company’s systems and processes for safeguarding data, resulted in zero non-conformities and no areas for improvement—an impressive outcome that reflects Palladium’s commitment to the highest standards of cybersecurity.
ISO 27001 is a globally recognised standard for information security management systems. Developed by the International Organization for Standardization (ISO), the standard sets rigorous requirements for systematically managing all data, with strict conditions for handling sensitive or personally identifiable information, including risk assessment, incident response, and recovery protocols.
For an organisation like Palladium, which operates across 90 countries and handles vast quantities of sensitive information, adhering to ISO 27001 is essential, says co-CEO Sinéad Magill. “Achieving and maintaining ISO 27001 certification is no small feat,” she adds.
It requires that an organisation continuously assesses risks, implements effective controls, and demonstrates that these measures are embedded across its entire infrastructure.
“Our ISO 27001 certification underscores Palladium’s commitment to responsible and secure management of information, especially considering the type of data we handle,” explains Lorena Moreira Saenz, Palladium Global Head of ICT. “We’re not just talking about client data. We’re talking about sensitive details of individual children in Africa, of illnesses, of refugees seeking stability. We have a duty to protect them, and passing this audit without a single non-conformity shows that our systems are resilient and prepared.”
The audit process spanned Palladium’s global operations, including its offices in Washington DC, London, and Brisbane. Moreira adds that Palladium’s central team took a coordinated approach to ensure a smooth audit process, with particular emphasis on thorough preparation and standardised operations across its locations. “It’s truly a team effort. This level of security requires dedication not just from our IT department but from every single employee who touches our systems.”
Putting ICT to the Test
The robust nature of Palladium’s security infrastructure was put to the test recently during the CrowdStrike incident that caused widespread disruption across sectors, including critical industries like aviation. For Palladium, the event underscored the need for rigorous security protocols and responsive disaster recovery measures. “This is exactly what we train for,” says Moreira. “Every year, we rigorously test our disaster recovery plan so that when an incident does occur, we’re prepared. In this case, our plan allowed us to recover within eight hours, well ahead of our 24-hour recovery target.”
This proactive approach to cybersecurity is reinforced through strict guidelines around software use and equipment management, with the company mandating that employees use Palladium-issued computers configured to comply with security standards. This consistency not only streamlines response efforts in the event of an incident but also minimises vulnerabilities, helping Palladium maintain a secure environment.
Beyond certification, the team is also keenly aware of the financial implications of data breaches. The company continues to invest in top-tier cybersecurity measures, recognising that the potential cost of a data breach—estimated at an average of US$6 million for a ransomware attack and up to US$400 million in GDPR penalties for a significant data breach—could jeopardise even the most financially stable organisations.
“We cannot guarantee that an incident will never happen, but we can make it so challenging for any potential threats that the likelihood remains minimal,” explains Moreira. “ISO 27001 isn’t just a badge; it’s part of a comprehensive strategy to protect our people, our clients, and the individuals in vulnerable communities who trust us with their data.”
“Our success in this year’s audit stands as a testament to the company’s rigorous approach to information security,” adds Magill. “The zero non-conformities result highlights our commitment to continuous improvement, proactive risk management, and a culture of security that extends to every corner of the organisation, proving our capability to protect not only clients’ sensitive information but the communities we serve around the world.”