• The two, ISO/IEC 20000-01:2018 and ISO/IEC 27001:2013, protect revenue flow into the business and prevent confidential information from falling into the wrong hands.
• The Bank commits to continue engaging regulators to ensure appropriate governance that balances the value of giving customers control of their data and its duty to protect customer privacy and security.
Equity Bank Kenya Limited has received two International Standards Certifications – ISO 20000 and ISO 27001 on IT Service and Information Security Management Systems respectively, cementing its commitment to prioritising customer safety and satisfaction. The two certifications were issued by the British Standards Institution (BSI).
ISO 20000 shows that the Bank’s service management system is robust enough in the delivery of all IT-related services and is also aligned with its current and future needs. Similarly, the ISO 27001 certification offers assurance to customers that the bank is implementing end-to-end information security controls to protect the confidentiality, integrity and availability of all customer information.
In his remarks on receiving the two certifications, Equity Group Managing Director and CEO Dr. James Mwangi noted that the recognition was a testament to the Bank’s significant investment in data analytics and cyber-security capabilities to better meet its evolving customer needs and expectations and to reduce the potential for data breaches.
“Being fully aware of the risk and impact involved in data information management, it is our commitment to actively continue engaging our stakeholders to ensure that there is appropriate governance in place. It warrants us to be increasingly aware of our roles and responsibilities in information security and actively play our part in ensuring that the appropriate processes are followed to realize effective information technology metrics. The evolution in regulation appropriately balances the value of giving customers control of their data, with our duty to protect customer privacy and security,” said Dr. Mwangi.
Other goals for ISO 20000 on service management include protecting revenue flow into the business by providing stable IT services, meeting the Bank’s obligations to stakeholders, including its customers, regulators, shareholders and suppliers, and lastly making IT a business enabler.
While ensuring the Bank has better-defined and better-aligned services, increased visibility and control, the service management system also provides a structured framework for setting IT service management objectives and processes, and outlines responsibilities for key stakeholders.
Aligned with the service management, the information security certification ISO 27001 also protects revenue flow into the business and prevents confidential information from falling into the wrong hands. The pathway to this achievement is contained in a structured framework for setting the bank’s information security objectives as provided in the standard.