I&M Group PLC has received the international standard ISO/IEC 27001:2022 certification for Information Security Management Systems (ISMSs) from the British Standards Institution (BSI), a world-renowned standardization and certification organization.
The certification award received is for the three out of its five banking subsidiary companies, namely I&M Bank Kenya, I&M Bank Rwanda (PLC) and I&M Bank Tanzania Limited. I&M Bank Uganda Limited will commence the certification audit process in the third quarter of 2024.
ISO/IEC 27001:2022 is the latest version of the internationally recognized standard for ISMS, focusing on the establishment, implementation, maintenance, and continuous improvement of an organization’s ISMS.
Speaking from the lender’s Nairobi Headquarters, I&M Group PLC Chief Information Officer Nelson Nasongo said the award underscores the Bank’s commitment to maintaining the highest standards of information security.
“Securing our customers’ data and intellectual property is a key priority and has been integral in fostering trust amongst our customers which is key driver for business,” he said.
In a press statement sent to newsrooms, Nasongo announced that Kenyan subsidiary did well in physical security and business continuity management, with their Tanzanian counterparts scoring highly in information and cyber security, while Rwanda registered top scores for their data centre, procurement and human resource.
Speaking at the event, I&M Group PLC Regional Chief Executive Officer Kihara Maina said the award certification assures not only the Bank’s customers but also industry oversight bodies that I&M handle information securely and responsibly across all its markets.
“Our dedication to the customer is central to our organizational ethos at a Group level and the subsidiary CEOs are empowered to ensure strict adherence to it. We extend this commitment to enhancing our compliance with various regulatory requirements,” he added.
The standard provides companies with guidance to manage the risks to information assets systematically and achieve information protection goals, as well as speaks to the lender’s comprehensive Information Security Management System which is designed to significantly reduce the risk of data breaches, cybercrime, and financial losses.
I&M Bank’s journey towards ISO 27001 certification began in 2021 when the bank recognized the importance of robust information security management, after a three years process.
In February and March 2024, I&M Bank’ successfully underwent a thorough certification audit carried out by British Standards Institution.
By Bernadette Khaduli