Equity Bank Kenya Limited has received two International Standards Certifications – ISO 20000 and ISO 27001 on IT Service and Information Security Management Systems respectively.
The two certifications were issued by the British Standards Institution (BSI) and cement the bank’s commitment to prioritizing customer safety and satisfaction.
ISO 20000 shows that the Bank’s service management system is robust enough in the delivery of all IT-related services and is also aligned with its current and future needs. Similarly, the ISO 27001 certification offers assurance to customers that the bank is implementing end-to-end information security controls to protect, the confidentiality, integrity and availability of all customer information.
Other goals for ISO 20000 on service management include protecting revenue flow into the business by providing stable IT services, meeting the Bank’s obligations to stakeholders, including its customers, regulators, shareholders and suppliers, and lastly making IT a business enabler.
While ensuring the Bank has better defined and better-aligned services, increased visibility and control, the service management system also provides a structured framework for setting IT service management objectives, processes, and outlines responsibilities for key stakeholders.
Aligned with the service management, the information security certification ISO 27001 also protects revenue flow into the business and prevents confidential information from falling into the wrong hands. The pathway to this achievement is contained in a structured framework for setting the bank’s information security objectives as provided in the standard.
Equity Group Managing Director and CEO Dr. James Mwangi, had this to say, “Being fully aware of the risk and impact involved in data information management, it is our commitment to actively continue engaging our stakeholders to ensure that there is appropriate governance in place. It warrants us to be increasingly aware of our roles and responsibilities in information security and actively play our part in ensuring that the appropriate processes are followed to realize effective information technology metrics. The evolution in regulation appropriately balances the value of giving customers control of their data, with our duty to protect customer privacy and security.”