I&M Group PLC has proudly announced its achievement of the ISO/IEC 27001:2022 certification for Information Security Management Systems (ISMS) for three of its five banking subsidiaries. This certification, awarded by the British Standards Institution (BSI), underscores the Group’s commitment to maintaining the highest standards of information security.
ISO/IEC 27001:2022 is the latest version of the internationally recognized standard for ISMS, focusing on establishing, implementing, maintaining, and continuously improving an organization’s ISMS. The certification was awarded to I&M Bank Kenya, I&M Bank Rwanda (PLC), and I&M Bank Tanzania Limited, with I&M Bank Uganda Limited set to begin the certification audit process in the third quarter of 2024.
Nelson Nasongo, I&M Group PLC Chief Information Officer, emphasized the importance of this achievement, stating, “Achieving ISO 27001 certification underscores I&M Bank’s commitment to maintaining the highest standards of information security. Securing our customers’ data and intellectual property is a key priority and has been integral in fostering trust amongst our customers. This reputation is reflected in the lasting relationships we enjoy with them and is a key driver for business.”
The certification process highlighted various strengths across the Group’s subsidiaries. I&M Bank Kenya excelled in physical security and business continuity management, while I&M Bank Tanzania scored highly in information and cyber security. The Rwandan subsidiary stood out in areas such as data center operations, procurement, and HR.
I&M Group PLC Regional CEO, Kihara Maina, reiterated the Group’s dedication to customer service and regulatory compliance, stating, “Our dedication to the customer is central to our organizational ethos at a Group level, and the subsidiary CEOs are empowered to ensure strict adherence to it. We extend this commitment to enhancing our compliance with various regulatory requirements. This certification assures not only our customers but also industry oversight bodies that we handle information securely and responsibly across all our markets.”
The journey toward ISO 27001 certification began in 2021, with the bank recognizing the critical importance of robust information security management. Following a comprehensive three-year process, the bank successfully underwent a thorough certification audit conducted by BSI in February and March 2024.
This certification highlights I&M Bank’s comprehensive ISMS, designed to significantly reduce the risks associated with data breaches, cybercrime, and financial losses, reinforcing the Group’s commitment to information security and customer trust