Co-operative Bank of Kenya was certified to ISO 27001:2013 in 2014, making it the first bank in East Africa to achieve this standard. ISO 27001:2013 is the internationally recognized standard for Information Security Management Systems (ISMS). Certification to ISO 27001:2013 demonstrates that Co-operative Bank staff ensure efficiency, confidentiality and integrity in effectively operating a comprehensive security program and managing information security risks.
The certificate was issued after several external audits by the British Standards Institution (BSI). To achieve this certification, a company must show a continuous, structured commitment towards managing sensitive company and customer information. The process examines the implementation of controls such as physical security, access control, risk management, change management, business continuity and security best practices during software development.
ISO 27001:2013 provides a robust model for information security risk assessment and security design, implementation, and management. With its comprehensive approach, taking account of threats, vulnerabilities, and impacts, the standard helps to ensure the adoption of appropriate security controls that protect the information of customers and other stakeholders.
By adopting the ISO 27001 standard, Co-operative Bank has been able to implement standard minimum baseline requirements in information security. Co-operative Bank is committed to ensuring that customers' data is processed and stored securely to reduce the chances of data privacy breaches.