Safaricom has been awarded the ISO 27701 Privacy Information Management System (PIMS) certificate following an evaluation by the British Standards Institute (BSI). The PIMS certificate is the highest certification an organization can attain in the management of privacy information systems as a data controller or processor.
The certification was issued on 16th October after assessing Safaricom’s levels of implementation of customer support, billing services, M-PESA, and data center operations. This serves as a validation of Safaricom’s dedication to safeguarding customer data across its GSM and M-PESA services. The certificate further confirms that the company adheres to globally accepted regulatory and technical standards in the implementation of privacy management systems.
This milestone complements Safaricom’s existing certifications in Information Security Management Systems (ISO 27001 – ISMS) and the Payment Card Industry Data Security Standard (PCI DSS version 4.0). The assessment conducted by BSI took into account various critical elements related to Safaricom’s operations, including effective system controls for the protection of personal information, the implementation of relevant policies including the Data Protection Policy.
Other areas covered included systems such as the Customer Relationship Management (CRM), IP Contact Centre (IPCC), Tibco, Converged Billing System (CBS), Voucher Management System (UVC), M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA business App.
Additionally, the telco recently achieved the latest and highest level of PCI DSS Certification (upgraded from v3.21 to v4.0).
Acknowledging the achievement, Safaricom CEO Dr. Peter Ndegwa said, “I would like to applaud the dedicated cross-functional teams whose tireless efforts have made this achievement possible. The attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information.”