Endeavour Energy has achieved an internationally recognised certification for its ISMS (Information Security Management System).
The ISO 27001:2022 certification – which covers 20 physical locations including 16 critical substations and control rooms – ensures secure, reliable services across Endeavour Energy’s critical infrastructure, including data centres, training rooms, and secondary systems.
Endeavour Energy said it marks a significant milestone in its ongoing commitment to ensuring the security of its customers, critical infrastructure, and the broader energy sector against the growing threat of cyberattacks.
Endeavour Energy CEO, Guy Chalkley, said, “As we move towards an increasingly smarter grid, cybersecurity remains one of our top priorities.
“The protection of our assets, systems, and customer data is critical to maintaining the safety and reliability of energy supply, supporting the clean energy transition, and enabling customers to confidently connect their energy resources to the grid.”
Mr Chalkley said the certification sets a new standard for cybersecurity within the Australian energy sector.
“It supports secure, bidirectional energy flows powered by our advanced grid management technologies, reinforcing our commitment to building a cyber-resilient future for our business and customers.”
The ISO 27001:2022 certification is a vital step in Endeavour Energy’s efforts to integrate both operational technology (OT) and information technology (IT) systems, bolstering its cyber resilience across both domains.
To enhance its cybersecurity posture and achieve ISO 27001:2022 certification, Endeavour Energy partnered with leading cyber security and cloud services provider CyberCX.
Endeavour Energy said CyberCX played a crucial role in helping the utility meet its requirements under the Security of Critical Infrastructure (SOCI) Act, developing a comprehensive ISMS covering both Information and Operational Technology.
The implementation process, which spanned 18 months, involved:
- Physical site visits
- Tailored education and training programs
- Identification of critical systems and security controls
- Risk mitigation planning across critical infrastructure and personnel
CyberCX CEO, John Paitaridis, said Endeavour Energy is setting the benchmark for building customer trust within the energy sector.
“CyberCX is proud to support this commitment to safeguarding our electricity grid and enhancing the resilience of critical infrastructure for all Australians.”
Endeavour Energy Information Security Manager, Gijo Varghese, said, “With this certification, we have strengthened the protection of our advanced distribution management systems, substations, and control rooms, ensuring that Endeavour Energy’s operations remain resilient against evolving cyber threats.
“As Australia navigates the current energy transition, it’s essential for the electricity supply industry to continuously enhance its cybersecurity posture to stay ahead of emerging threats,” Mr Varghese said
“The certification allows Endeavour Energy to demonstrate to key stakeholders our commitment to continually improving its cyber security posture, enabling it to be at the forefront of energy transition.”
