Durham first region in Canada to earn prestigious tech accreditation

IT in Durham Region is no longer on the QT after the region was recognized with a special ISO certification – the first municipality in Canada to earn this globally recognized accreditation.

The region’s Corporate Services – Information Technology division has achieved ISO/IEC 27001:2022 certification, the world’s leading standard for Information security management systems. The accreditation is only earned after rigorous requirements for how organizations manage and protect information, ensuring confidentiality, integrity and availability is achieved.

“Information security is at the core of everything we do, and this milestone reflects years of dedication and collaboration across the organization,” said Durham Region CAO Elaine Baxter-Trahair. “Achieving ISO/IEC 27001:2022 validates the strength of our systems and processes, and it positions the region as a leader in protecting the information that supports critical services for our residents. We will continue to strengthen and evolve our practices to stay ahead of emerging risks.”

For residents, accreditation means the core systems that support essential services, from health and social services to infrastructure and finance, are designed with security at their core. This national first also reinforces the region’s leadership in information security and demonstrates a clear commitment to safeguarding the personal and sensitive information residents entrust to the region every day, said Chi-Cheng Chu, Durham’s Chief Information Officer and Chief Information Security Officer.

“This certification reinforces our commitment to the people we serve. Residents trust us with their personal information every day,” he said, adding that the certification demonstrates that the region is meeting global standards to” keep that information safe, secure, and protected.”

“As the first municipality in Canada to earn this certification, we are proud to lead the way in building trust and confidence in how public sector organizations safeguard data.”

The certification reflects more than two and a half years of focused investment in cybersecurity maturity across the organization, including a comprehensive audit completed in spring 2026. Feedback from the audit was highly positive, recognizing the region’s strong security practices, and the preparedness of its teams.