Infotrust has partnered with Cover-More Group, a leading global travel insurance and travel assistance provider to support their evolving information security and compliance needs. During that time, we’ve collaborated closely to help build and mature their Information Security Management System (ISMS), addressing key challenges and evolving regulatory requirements.
Historically, Cover-More Insurances Services (part of Cover-More Group) held ISO 27001:2013 certification and maintained an APAC-centric security framework. However, this was not fit for purpose and required an uplift to meet new requirements of ISO27001:2022.
Cover-More Group faced several critical drivers that led them to strengthen their information security and governance, including:
Pursuing ISO certification and establishing a global security framework was a strategic initiative to internally align business units and ensure that services provided to partners and customers had adequate security controls in place validated by a third party.
Cover-More Group’s security governance program began in 2022, with the goal of certifying all business units across the Group under ISO/IEC 27001 by the end of 2025. The scope was significant, encompassing 19 critical systems underpinning services for both partners and travellers. It was a complex task spanning across all regions and multiple legal entities.
A vital first step was mapping each location to identify compliance influences and clarify ownership at central or business unit levels. Taking this approach reduced duplication, streamlined responsibilities, and allowed for more effective decision-making. Infotrust worked alongside Cover-More Group employees, auditors, and consultants throughout, consolidating IT resources to design and implement a centralised Information Security Management System (ISMS) and provide a single source of truth for policies, controls, and risk management goals across the organisation.
Over the following 15 to 18 months, the project progressed through a series of well-defined phases. This process began by assessing the current state across governance and technology, followed by a review of control implementation and opportunities for centralisation. After introducing both tactical and strategic changes to enhance maturity, an internal audit provided recommendations to ensure Cover-More Group could fully align with ISO/IEC 27001:2022.
Of course, as with any large-scale transformation, the journey wasn’t without its challenges. Competing priorities and capacity constraints required close collaboration and strong internal alignment. In addition, Cover-More Group’s existing security framework was largely APAC-centric and didn’t reflect the broader scope of their global operations. This meant revising all ISMS artefacts and operational procedures, rewriting policies, and updating processes to ensure seamless integration across all business units. Additionally, their setup included a mix of cloud and on-premises systems, which added extra layers of complexity.
To support certification, Infotrust coordinated Cover-More Group’s engagement with ISOQAR, a trusted external auditor with experience in complex, multi-entity environments. With over 700 pieces of evidence from more than 60 stakeholders, it was a huge team effort, but ultimately, it demonstrated that the new ISMS was not just compliant but genuinely fit for purpose.
After 18 months of sustained effort and partnership, Cover-More Group proudly achieved ISO/IEC 27001 certification across 16 locations. The milestone spans all business entities within the Group, marking a major step forward in their security and governance journey.
Infotrust’s prior experience supporting Cover-More Insurances Services (part of Cover-More Group) during their 2019 certification engagement helped build trust from the very start and made it easy to work together. Infotrust quickly became part of Cover-More Group’s security team, working closely with them, following established working practices and engaging directly with stakeholders across the business.
As a consultancy team, Infotrust brought deep ISO 27001 expertise, combined with a practical and scalable approach to control design, adapting their reporting to meet the needs of both technical teams and executive leadership. As Cover-More Group’s CISO Matthew Townend noted, “Throughout this journey, the support, attention to detail, expertise and flexibility in how the outcome of this program was delivered was exceptional.”
The success of the ISO 27001 certification was underpinned by Infotrust’s long-term engagement model. With years of experience supporting Cover-More Group, the Infotrust team had a clear understanding of the organisation and its working practices, including adjusting to time zones, asynchronous communication styles, and the demands of a globally distributed team.
Our consultants combined independent task ownership with collaborative, workshop-led delivery, ensuring rapid progress without sacrificing stakeholder engagement. We also made sure to focus on the work that would make the biggest impact, like creating early-stage artefacts and practical procedures for specific teams, while working in close consultation with control owners to ensure everything aligned with internal standards.
Having worked alongside Cover-More Group since 2019, Infotrust has played an ongoing role in maturing its governance and technology capabilities. And this collaboration continues to evolve, with Infotrust now recognised as a strategic partner for future security and compliance initiatives.
ISO/IEC 27001 certification represents a critical milestone in Cover-More Group’s information security journey, laying a strong foundation for ongoing security maturity. Their team can now focus on strengthening controls even further and making smart, risk-based decisions about where to invest time and resources.
Cover-More Group plans to align future maturity assessments to the NIST Cybersecurity Framework 2.0, connecting this with other standards like ISO 27001, SOC 2, and PCI-DSS 4.0. This strategic alignment will support consistent, group-wide adherence to best-practice standards and further integration with Zurich Group’s Internal Controls Integrated Framework (ICIF) for information security.
The scale and depth of this achievement demonstrate Cover-More Group’s long-term commitment to security excellence and protecting their customers’ data. At Infotrust, we’re incredibly proud to have played a part in helping them reach this milestone and look forward to what’s next.
Cover-More Group (part of Zurich Cover-More) operates in more than 15 countries across five continents, with leading positions in the USA, Australia, Brazil, Argentina, Ireland and New Zealand. Cover-More Group offers world-class emergency medical assistance and travel security support through their 24/7 command centres in Australia, Argentina, Canada and the United Kingdom.
