Certification
Co-operative Bank of Kenya was certified to ISO 27001:2013 in 2014, making it the first bank in East Africa to achieve this standard. ISO 27001 is the internationally recognized standard for Information Security Management Systems (ISMS). In December 2024, the bank transitioned to the updated ISO 27001:2022 standard, further reinforcing its commitment to information security. This certification demonstrates the bank’s dedication to continual improvement and shows that its staff effectively manage a robust security program, ensuring the confidentiality, integrity, and availability of information.
The certification followed a comprehensive external audit conducted by the British Standards Institution (BSI). Achieving ISO 27001:2022 certification requires organizations to show a sustained, structured effort in managing sensitive information, for both the bank and its customers. The audit process evaluates key areas such as physical security, access control, risk management, change management, business continuity, and security best practices in software development.
ISO 27001:2022 offers a strong framework for assessing information security risks and guiding the design, implementation, and management of security measures. Its holistic approach addresses threats, vulnerabilities, and impacts, ensuring the adoption of the right security controls to safeguard customer and stakeholder information.
By embracing the ISO 27001 standard, Co-operative Bank has established fundamental security protocols to protect information. The bank remains dedicated to ensuring that customer data is securely processed and stored, minimizing the risk of data privacy breaches.
