I&M Group PLC has received the international standard ISO/IEC 27001:2022 certification for Information Security Management Systems (ISMSs) for three out of its five banking subsidiary companies.
ISO/IEC 27001:2022 is the latest version of the internationally recognized standard for ISMS, focusing on the establishment, implementation, maintenance, and continuous improvement of an organization’s ISMS. This certification was received from the British Standards Institution (BSI), a world-renowned standardization and certification organization.
Speaking from the lender’s Nairobi Headquarters, I&M Group PLC Chief Information Officer Nelson Nasongo said, “Achieving ISO 27001 certification underscores I&M Bank’s commitment to maintaining the highest standards of information security. Securing our customers’ data and intellectual property is a key priority and has been integral in fostering trust amongst our customers. This reputation is reflected in the lasting relationships we enjoy with them and is a key driver for business.”
The certification was awarded to I&M Bank Kenya, I&M Bank Rwanda (PLC) and I&M Bank Tanzania Limited. I&M Bank Uganda Limited will commence the certification audit process in the third quarter of 2024. The Kenyan subsidiary recorded excellence in physical security and business continuity management while their Tanzanian counterparts scored highly in information & cyber security. The publicly listed entity in Rwanda registered top scores for their data center, procurement & HR.
I&M Group PLC Regional CEO Kihara Maina commented, “Our dedication to the customer is central to our organizational ethos at a Group level and the subsidiary CEOs are empowered to ensure strict adherence to it. We extend this commitment to enhancing our compliance with various regulatory requirements. This certification assures not only our customers but also industry oversight bodies that we handle information securely and responsibly across all our markets.”
The standard provides companies with guidance to manage the risks to information assets systematically and achieve information protection goals. It speaks to the lender’s comprehensive Information Security Management System (ISMS), which is designed to significantly reduce the risk of data breaches, cybercrime, and financial losses. I&M Bank’s journey towards ISO 27001 certification began in 2021, when the bank recognized the critical importance of robust information security management. After a three-year process, the bank successfully underwent a thorough certification audit carried out by BSI in February and March 2024.