Elix News

NCBA BANK ACQUIRES ISO/IEC 27701 AND ISO/IEC 27001 CERTIFICATION

NCBA Bank Uganda and Kenya have successfully achieved dual ISO certification from the British Standards Institution (BSI), a global accreditation body that certifies and accredits organizations against standards.

NCBA is the first local bank in East and Central Africa to attain ISO/IEC 27701 (Privacy Information Management System) certification for data privacy.

The ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certifications reinforce the Bank’s comprehensive and systematic approach to managing, processing, and safeguarding sensitive data relating to customers, employees, and third parties.

These certifications ensure that an organization meets rigorous standards for security and service management. They further align NCBA’s security and privacy controls with global best practices and support compliance with the Uganda Data Protection and Privacy Act and the Kenya Data Protection Act.

The certification also represents a proactive commitment to privacy management, further reinforcing trust in the Bank’s ability to protect the data of customers, partners, and stakeholders while meeting the highest international standards.

Mark Muyobo, CEO of NCBA Bank Uganda Limited, said: “Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations. Our customers can be assured that we uphold the highest standards in security, service management, and regulatory compliance. We remain committed to providing services that are secure, efficient, and high-quality.”

This certification initiative is driven by NCBA’s growing digital footprint, cross-border operations, and increasing reliance on technology and third-party service providers. Phase One of the programme focused on Kenya and Uganda, with Kenya prioritised due to its role in delivering approximately 80% of the Group’s information security and technology functions.

Phase Two of the programme is planned to extend certification to Loop DFS, Tanzania, and Rwanda, leveraging the governance framework, controls, and lessons learned from Phase One.

The two certifications build on each other, with ISO/IEC 27001 providing a structured, risk-based framework for protecting the confidentiality, integrity, and availability of information assets, while ISO/IEC 27701 strengthens privacy controls and governance around Personally Identifiable Information (PII).

According to Mr. Muyobo, “NCBA is committed to maintaining high standards by ensuring its staff are well trained in compliance and best practices, encouraging active participation in system improvements, and fostering a culture of continuous enhancement. This approach strengthens the Bank’s ability to deliver top-tier service, maintain information security, and achieve operational excellence.”

With its dual ISO certifications, NCBA Bank solidifies its standing as a leader in the banking industry, demonstrating its dedication to global standards while providing secure, reliable, and innovative financial services to customers.
