ISO 27001 Certification Case Study for Endeavour Energy

This case study details the ISO 27001 certification process undertaken by Endeavour Energy, a key player in the energy sector in Australia. The document outlines the challenges faced by Endeavour Energy, including the need to protect electricity distribution assets from disruptions and to enhance customer trust through improved cybersecurity measures across both Information Technology (IT) and Operational Technology (OT) domains. It describes how CyberCX assisted Endeavour Energy in achieving compliance with the Security of Critical Infrastructure Act 2018 by implementing an Information Security Management System (ISMS) that integrates both IT and OT. The certification process, which took 18 months, involved collaboration with over 78 stakeholders and included site visits, training, and risk mitigation planning. The outcome of this initiative was the successful certification of 21 physical locations, significantly enhancing the cybersecurity posture of Endeavour Energy and supporting Australia's energy transition efforts.