Equity Bank Kenya Limited has received two International Standards Certifications – ISO 20000 and ISO 27001 on IT Service and Information Security Management Systems respectively.
The two certifications were issued by the British Standards Institution (BSI).
ISO 20000 shows that the Bank’s service management system is robust enough in the delivery of all IT-related services and is also aligned with its current and future needs. Similarly, the ISO 27001 certification offers assurance to customers that the bank is implementing end-to-end information security controls to protect, the confidentiality, integrity and availability of all customer information.
In his remarks on receiving the two certifications, Equity Group Managing Director and CEO Dr James Mwangi noted that the recognition was a testament to the Bank’s significant investment in data analytics and cyber-security capabilities to better meet its evolving customer needs and expectations and to reduce the potential for data breaches.
“Being fully aware of the risk and impact involved in data information management, it is our commitment to actively continue engaging our stakeholders to ensure that there is appropriate governance in place. The evolution in regulation appropriately balances the value of giving customers control of their data, with our duty to protect customer privacy and security,” said Dr Mwangi.
Other goals for ISO 20000 on service management include protecting revenue flow into the business by providing stable IT services, meeting the Bank’s obligations to stakeholders, including its customers, regulators, shareholders and suppliers, and making IT a business enabler.
While ensuring the Bank has better defined and better-aligned services, increased visibility and control, the service management system also provides a structured framework for setting IT service management objectives, processes and outlines responsibilities for key stakeholders.
Aligned with the service management, the information security certification ISO 27001 also protects revenue flow into the business and prevents confidential information from falling into the wrong hands.
The pathway to this achievement is contained in a structured framework for setting the bank’s information security objectives as provided in the standard.