Co-operative Bank of Kenya achieves certification to ISO 27001:2013

Co-operative Bank of Kenya has announced their achievement of certifying to ISO 27001:2013, making it the first Bank in East Africa to achieve this standard. ISO 27001:2013 is the internationally recognized standard for Information Security Management Systems (ISMS). Certification to ISO 27001:2013 demonstrates that their staff are able to ensure efficiency, confidentiality and integrity in effectively operating a comprehensive security program and managing information security risks. 

The certificate was issued after several external audits by British Standards Institution (BSI). To achieve this certification, a company must show a continuous, structured commitment towards managing sensitive company and customer information. 

Head of IT Risk and Control Department Michael Mbuthia commented that ‘the audit process involved detailed interviews and examination of topics such as physical security, access control, risk management, business continuity, and security best practices during software development’. 

ISO 27001:2013 provides a robust model for information security risk assessment and security design, implementation, and management. With its comprehensive approach, taking account of threats, vulnerabilities, and impacts, the standard helps to ensure the adoption of appropriate security controls that protect the information of customers and other stakeholders.

Co-operative Bank of Kenya is a commercial bank in Kenya. The bank serves the banking needs of individuals, small businesses and large corporations, focusing on the needs of cooperative societies in Kenya. Cooperative Bank is one of the largest financial services institution in Kenya.

The certificate was granted by British Standards Institution BSI, a Royal Charter Company that Certifies Management Systems Globally. Founded in 1901, BSI is the world’s first National Standards Body. BSI has over 3000 staff, operating in over 100 countries through more than 68 offices. BSI specializes in assessment and certification, standards and publications, product testing and training.