PHN achieves ISO/IEC 27001:2022 certification

July 31, 2025

Darling Downs and West Moreton PHN achieved International Organisation for Standardisation (ISO) certification in May this year, reflecting its commitment to ensuring information systems are appropriately protected.

The Australian Government requires all 31 Primary Health Networks to achieve ISO/IEC 27001 by mid-2026.

Conformity with ISO/IEC 27001:2022 means the PHN can better demonstrate it has an effective system to safely and securely manage the data it receives from the community.

To become ISO compliant, the PHN’s Digital Transformation, Performance and Evaluation team undertook a range of activities, including:

Conducting a gap analysis to see where we are and where we need to improve.
Developing a Statement of Applicability (SoA) to help us decide which ISO controls applied to us.
Conducting a comprehensive risk assessment and asset inventory.
Enhancing the PHN Information Security Management System (ISMS).
Developing and reviewing policies and procedures aligned with ISO/IEC 27001:2022 controls.
Further staff training and awareness sessions on information security.
Working closely with our Managed Service Provider (MSP) to improve technical controls, such as access management and endpoint security.
Performing internal audits and a management review prior to the external audit.

Achieving compliance with the International Standard is a long-term commitment. This work began in March 2024 and is now an ongoing function of the PHN in order to achieve re-certification every three years.

For PHN staff, ISO compliance reinforces the shared responsibility of cybersecurity. It isn’t just about tech – it’s about people, culture, and everyday habits.

Health Data Analyst at the PHN, John Chan, reflected on the importance of cross-team collaboration in the process of accreditation:

“One of the biggest takeaways was how this process helped us to work better together across teams. It was challenging at times, but we’re now in a stronger position when it comes to protecting sensitive information.

We now have a greater foundation to support our information and data governance going forward.”

With surveillance audits in early 2026 and 2027, and a goal of recertification in 2028, the PHN will maintain high quality processes to ensure effective outcomes in every aspect of the organisation’s operations. 

Back to PHN News Next Article

Subscribe to our Newsletters

Subscribe to our e-newsletters to stay up-to-date with news and information affecting health care providers in the Darling Downs and West Moreton region:

Connect with Us

Acknowledgement of Country

We acknowledge the Aboriginal and Torres Strait Islander peoples as the Custodians of the land on which we work, and recognise that the concepts of land, family and spirituality are directly linked to Aboriginal and Torres Strait Islander peoples' physical, mental, social, spiritual and cultural wellbeing. We pay respect to Elders past and present, as well as emerging leaders, and commit to a future with reconciliation and renewal at its heart.

E: info@ddwmphn.com.au P: 07 4615 0900

Darling Downs Office
Level 1, 162 Hume Street (PO Box 81),
Toowoomba QLD 4350

West Moreton Office
Level 5, World Knowledge Centre, 37 Sinnathamby Boulevard,
Springfield Central QLD 4300

PHN achieves ISO/IEC 27001:2022 certification

Subscribe to our Newsletters

Connect with Us

Acknowledgement of Country

Contact Us