The Co-operative Bank of Kenya has upgraded its ISO/IEC 27001:2022 standard and has been awarded the latest international benchmark for information security management systems.
BSI is the accrediting organisation that presents the award to the business, which was done in an official event at Co-operative Bank House on Friday, September 5, 2025.
The transition was made possible by a comprehensive external audit that examined the physical security as well as other parts, such as systems for controlling network access, Risk management protocols, change management processes, business continuity planning, and security best practices in software development.
ICT Director and Innovations Manager, Charles Washika, said, “Getting this certificate shows how serious we are about customer information protection via top-notch information security standards.
This achievement has had a positive impact on both our risk management and the standardization of information security policies across the organization as well as our response to incidents.
The extensive measures we have taken certainly assure regulatory compliance and at the same time promote the confidence that customers, partners, and regulatory bodies put in Co-operative Bank.” Pointing out the significance of the success, Ilias Karampoikis, BSI IMETA Sales and Commercial Director, said:
“The digital world changes globally, and now it appears that businesses that were once entirely on-premises have gone cloud-based and digitally reliant. BSI feels honoured to be their partner in this transition.
Getting ISO/IEC 27001-certified (information security management) is the way to show that a bank like Co-op has done the work needed to safeguard itself from cyberattacks and has security aligned with global best practices. You are in the middle of the technological transformation era, and the focus on digital trust is the most appropriate. To the team on this move, get my sincere congratulations.”
It is a landmark for Co-operative Bank in 2014 when it became the first bank in East Africa to achieve ISO/IEC 27001:2013 certification. The updated ISO/IEC 27001:2022 standard outlines a revolutionary method for tackling various kinds of cyber threats, vulnerabilities, and risks while ensuring the confidentiality, integrity, and availability of sensitive customer data.
The certification significantly advances the claim of the bank’s customers by verifying that their personal and financial data handling is in accordance with security protocols recognised worldwide. This, in turn, lowers the possibility of privacy intrusions and facilitates safe digital banking services.
“Since the time of our first ISO certification, we have been equally committed to the security of our information throughout the last decade. As part of our countermeasures to cyber threats, we have expanded our security amenities with the latest security tools, hired skilled cybersecurity experts, and put into practice new mechanisms to comply with all 93 ISO/IEC 27001 control requirements. The customer security will benefit from our long-standing and shared resolve to implement the most modern safety infrastructure in the sub-region,” Washika said.
Following the example of the first East African bank to be certified under ISO/IEC 27001, Co-operative Bank continues to be the leading figure that raises the bar for sector-wide information security standards in the regional banking industry. The bank also becomes more competitive in the global markets and its plans for expansion in East Africa are complemented by this achievement.
This accreditation is in line with the aims of the Kenyan financial sector to adopt technology and has a positive influence on the bank’s compliance with Central Bank of Kenya regulations.