I&M Group has received the international standard ISO/IEC 27001:2022 certification for Information Security Management Systems (ISMSs) for 3 out of its 5 banking subsidiaries. They are I&M Bank Kenya, I&M Bank Rwanda, and I&M Bank Tanzania.
The certification focuses on the establishment, implementation, maintenance, and continuous improvement of an organization’s ISMS, and was received from the British Standards Institution (BSI). I&M Bank Uganda will begin the certification audit process in the third quarter of 2024.
The Kenyan subsidiary recorded excellence in physical security and business continuity management while their Tanzanian counterparts scored highly in information and cyber security. The publicly listed entity in Rwanda registered top scores for their data center, procurement, and HR.
Speaking from I&M Bank Nairobi headquarters, I&M Group Chief Information Officer Nelson Nasongo said, “Achieving ISO 27001 certification underscores I&M Bank’s commitment to maintaining the highest standards of information security. Securing our customers’ data and intellectual property is a key priority and has been integral in fostering trust amongst our customers. This reputation is reflected in the lasting relationships we enjoy with them and is a key driver for business.”
On his part, I&M Group Regional CEO Kihara Maina commented, “Our dedication to the customer is central to our organizational ethos at a Group level and the subsidiary CEOs are empowered to ensure strict adherence to it. We extend this commitment to enhancing our compliance with various regulatory requirements. This certification assures not only our customers but also industry oversight bodies that we handle information securely and responsibly across all our markets.”
The ISO/IEC 27001:2022 standard certification provides companies with guidance to manage the risks to information assets systematically and achieve information protection goals. I&M Bank’s journey towards ISO 27001 certification began in 2021, when the bank recognized the importance of robust information security management. After a three years process, the bank in February and March 2024, successfully underwent a thorough certification audit carried out by BSI.