NCBA Bank Kenya and Uganda Earns Dual ISO Certification
NCBA Bank Kenya and Uganda have received dual ISO certification from the British Standards Institution (BSI), a significant step in reinforcing information security, data privacy and regulatory compliance in their operations.
This certification makes NCBA the first bank in East and Central Africa to get ISO/IEC 27701 (Privacy Information Management System), thus setting a new benchmark for data protection in the region.
ISO/IEC 27001 offers a well-organized, risk-based framework for ensuring the confidentiality, integrity, and availability of information assets, while ISO/IEC 27701 enhances privacy governance and the controls over the handling of Personally Identifiable Information (PII).
Furthermore, the certifications bring NCBA’s security and privacy controls in line with global best practices and facilitate adherence to the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
This proactive approach not only boosts regulatory assurance but also strengthens trust in the bank’s ability to safeguard stakeholder data to the highest international standards.
Leadership Commentary on the Milestone
Isaac Owilla, NCBA Group Director for Technology & Operations, referred to the feat as a major milestone in the bank’s information security journey.
“Getting these two ISO certifications is a big milestone in our unending journey to enhance information security in our operations. Our customers can rest their confidence in our security, service management and regulatory standards which are at the highest level,” Owilla said.
Driven by Digital Growth and Cross-Border Expansion
The certification drive is based on NCBA’s growing digital footprint, cross-border operations, and the increasing use of technology and third-party service providers.
The first phase of the programme concentrated on Kenya and Uganda, with Kenya chosen first because it is the location of about 80 percent of the Group’s information security and technology functions.
The second phase will extend the certification to Loop DFS, Tanzania and Rwanda, using the governance frameworks and lessons from the initial phase.


