BY MARY ADISA
ISO/IEC 27001:2022 is the latest version of the internationally recognized standard for ISMS
I&M Group PLC has been honoured with an award for three of its banking institutions in what showcases the organization’s commitment serving its customers with dedication.
The international standard ISO/IEC 27001:2022 certification for Information Security Management Systems (ISMSs) was awarded to the group’s three of its banking subsidiary companies in Kenya, Rwanda and Tanzania by the British Standard Institution (BSI), a world-renowned standardization and certification organization.
ISO/IEC 27001:2022 is the latest version of the internationally recognized standard for ISMS, focusing on the establishment, implementation, maintenance, and continuous improvement of an organization’s ISMS.
Speaking from the lender’s Nairobi Headquarters, I&M Group PLC Chief Information Officer Mr Nelson Nasongo noted that achieving ISO 27001 certification underscores the I&M Bank’s commitment to maintaining the highest standards of information security.
“Securing our customers’ data and intellectual property is a key priority and has been integral in fostering trust amongst our customers. This reputation is reflected in the lasting relationships we enjoy with them and is a key driver for business,” said Mr Nasongo.
The bank is a public company listed at the Nairobi Securities Exchange (NSE) and is the leading banking and insurance group in the Eastern Africa group with a presence in Kenya, Mauritius, Rwanda, Tanzania and Uganda.
This according to Mr Nasongo underscores the group’s commitment to the highest standards of information security.
The certification was awarded to I&M Bank Kenya, I&M Bank Rwanda (PLC) and I&M Bank Tanzania Limited.
Mr Nasongo announced that I&M Bank Uganda Limited will begin the certification audit process in the third quarter of 2024.
The Kenyan subsidiary recorded excellence in physical security and business continuity management while their Tanzanian counterparts scored highly in information and cyber security.
The publicly listed entity in Rwanda registered top scores for their data center, procurement and human resources.
Group Chief Information Officer, I&M Group PLC Mr Nelson Nasongo Juma, Business Development Manager, BSI Group Darlene Cueto, CEO, I&M Bank Kenya Gul Khan and Managing Director, Data Sec Ltd Gladys Njiru pose for a photo with the award.
I&M Group PLC regional CEO Mr Kihara Maina said that the organization’s dedication to the customer is central to “our organizational ethos at a Group level and the subsidiary CEOs are empowered to ensure strict adherence to it.”
“We extend this commitment to enhancing our compliance with various regulatory requirements,” said Mr Maina adding; “this certification assures not only our customers but also industry oversight bodies that we handle information securely and responsibly across all our markets.”
The standard provides companies with guidance to manage the risks to information assets systematically and achieve information protection goals and speaks to the lender’s comprehensive ISMS which is designed to significantly reduce the risk of data breaches, cybercrime, and financial losses.
I&M Bank’s journey towards ISO 27001 certification began in 2021 when the bank recognized the critical importance of robust information security management.
After a three years process, the bank in February and March 2024, successfully underwent a thorough certification audit carried out by the BSI.
I&M Group PLC, formerly known as City Trust Limited (CTL) was incorporated on 16th August 1950 and is one of the oldest companies to list on the Nairobi Securities Exchange (NSE).
I&M Holdings was licensed and approved as a non-operating holding company in accordance with the provisions of the Banking Act, following a reverse takeover of CTL by I&M Bank Limited in June 2013.
Prior to that, CTL was an investment holding company listed on the Alternative Investment Market Segment (AIMS) of the NSE.
Following the reverse takeover, CTL changed its name to I&M Holdings and moved on to the Main Investment Market Segment (MIMS) of the NSE.
The Company is regulated by the Capital Markets Authority (CMA) and the Central Bank of Kenya. I&M Group PLC operates in five countries- Kenya, Tanzania, Rwanda, Uganda and Mauritius through its subsidiaries, affiliates and joint venture investments in each of these countries.