NCBA Bank has officially become the first financial institution in the East and Central African region to secure dual international certifications for information security and data privacy.
The lender was awarded the ISO/IEC 27001 and ISO/IEC 27701 standards by the British Standards Institution (BSI).
This dual accreditation marks a significant shift in the regional banking landscape, signaling a heightened focus on protecting customer and partner data amidst a rapidly expanding digital economy.
While many institutions pursue basic security standards, NCBA’s attainment of ISO/IEC 27001 establishes a global benchmark for its Information Security Management Systems (ISMS).
Furthermore, the bank has broken new ground by becoming the first in the region to achieve ISO/IEC 27701 specifically for privacy information management.
This specific certification is particularly timely, as it directly supports compliance with the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
By aligning with these frameworks, the bank aims to provide a robust guarantee of privacy to its millions of digital users.
The push for these certifications was driven by the bank’s growing reliance on third-party service providers and its increasing cross-border footprint.
Consequently, the bank adopted a two-phase rollout strategy to ensure comprehensive coverage.
The first phase focused on Kenya and Uganda, with Kenya prioritized because it handles nearly 80% of the Group’s information security and technology functions.
The second phase will extend these governance frameworks to Loop DFS, Tanzania, and Rwanda, utilizing the specific lessons learned and frameworks established during the initial implementation.
In an era where cyber threats are increasingly sophisticated, NCBA’s leadership views these certifications as a core component of their business strategy rather than a mere box-ticking exercise.
Commenting on the milestone, Isaac Owilla, Group Director for Technology & Operations at NCBA, noted that the achievement is part of a long-term journey to strengthen regulatory assurance.
He stated that attaining these dual ISO certifications is a significant milestone in their continuous journey to strengthen information security within operations, adding that customers can be assured the bank upholds the highest standards in security, service management, and regulatory compliance.
“Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations. Our customers can be assured that we uphold the highest standards in security, service management and regulatory compliance,” said Owilla.
Ultimately, the bank is backing this certification with heavy investment in staff training and a “compliance culture” to maintain these high standards.
This approach is designed to ensure that the bank’s digital services remain secure and efficient as it continues to scale its operations across the continent.
By building this foundation of digital trust, NCBA positions itself as a technology-driven leader capable of managing data at scale while meeting the rigorous demands of modern international banking regulations.