NCBA Bank Kenya and Uganda have achieved dual ISO certification from the British Standards Institution (BSI). This makes NCBA the first bank in East and Central Africa to attain ISO/IEC 27701 (Privacy Information Management System) certification on data privacy.
BSI is the global accreditation body that certifies and accredits organizations on standards. For the bank, this marks a major milestone in strengthening information security, data privacy, and regulatory assurance across its operations.
The ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certifications reinforce the Bank’s comprehensive and systematic approach to managing, processing and safeguarding sensitive data relating to customers, employees and third parties.
These certifications ensure that an organization meets the rigorous standards of security and service management. They also align NCBA’s security and privacy controls with global best practices and support compliance with the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
The certification also represents a proactive commitment to privacy management, further reinforcing trust in the bank’s ability to protect the data of customers, partners, and stakeholders while meeting the highest international standards.
Isaac Owilla, Group Director Technology & Operations, said, “Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations. Our customers can be assured that we uphold the highest standards in security, service management and regulatory compliance. We realize that compliance is not a destination and we remain committed to providing services that are secure, efficient, and high-quality to our customers.”
This certification initiative is driven by NCBA’s growing digital footprint, cross-border operations, and increasing reliance on technology and third-party service providers. Phase 1 of the programme focused on Kenya and Uganda, with Kenya prioritised due to its role in delivering approximately 80% of the Group’s information security and technology functions. Phase 2 of the programme is planned to extend certification to Loop DFS, Tanzania, and Rwanda, leveraging the governance framework, controls, and lessons learned from Phase 1.
The two certifications build on each other: ISO/IEC 27001 provides a structured, risk-based framework for protecting the confidentiality, integrity, and availability of information assets, while ISO/IEC 27701 strengthens privacy controls and governance around Personally Identifiable Information (PII).
According to Mr Owilla, “NCBA is committed to maintaining high standards by ensuring its staff are well-trained in compliance and best practices, encouraging active participation in system improvements, and fostering a culture of continuous enhancement. This approach strengthens the bank’s ability to deliver top-tier service, maintain information security, and achieve operational excellence.”
With its dual ISO certifications, NCBA Bank solidifies its standing as a leader in the banking industry, demonstrating its dedication to global standards and providing secure, reliable, and innovative financial services to customers.

