Hactl’s COSAC-plus becomes the first Hong Kong air cargo management system to receive ISO/IEC 27001:2022

Dec 18, 2025

Hong Kong Air Cargo Terminals Limited (Hactl) – Hong Kong’s largest independent cargo handler – has become the first cargo terminal operator in Hong Kong to receive the ISO/IEC 27001:2022 certification for its cargo management system COSAC-Plus and its supporting IT infrastructure, operations, system development processes and cybersecurity controls.

ISO/IEC 27001 is one of the most internationally recognised standards for Information Security Management Systems, providing organisations with a mature framework of policies, processes, and controls designed to safeguard the confidentiality, integrity, and availability of information.

Hactl embarked on its ISO/IEC 27001 journey in 2024. Achieving the certification required extensive intra- and inter-departmental collaboration and re-prioritisation of planned projects and initiatives across the company to ensure total compliance.

Hactl Executive Director–Information Services John Lee (left) received the ISO/IEC 27001:2022 certification from SGS Hong Kong Limited Deputy Director, Products & Services Development Chris Yau (right).

Achieving ISO/IEC 27001 brings meaningful advantages to both Hactl and its customers. It shows that COSAC-Plus and the supporting IT infrastructure, operations, system development processes and cybersecurity controls all meet the internationally recognised cybersecurity standards. It also reassures customers that their information is handled securely, helping them meet their own compliance and data-protection obligations.

“Cyber threats are increasingly sophisticated and ever-present for modern organisations,” says John Lee, Hactl Executive Director – Information Services. “Achieving ISO/IEC 27001 reinforces our readiness, resilience, and capability to safeguard customer information and maintain uninterrupted operations, even under challenging conditions.”

The standard emphasises ongoing evaluation and continuous improvement through the “Plan–Do–Check–Act” cycle. Maintaining ISO/IEC 27001 certification will require continuous effort, including ensuring Hactl’s Information Security Policy aligns with evolving cybersecurity best practices, regular internal audits and annual external audits alongside continuous monitoring and enhancement of security controls. There will also be ongoing staff training and awareness programs to reinforce a continuous improvement mindset.