Co-operative Bank of Kenya has earned the ISO/IEC 27001:2022 certification from BSI, underscoring the bank’s renewed commitment to safeguarding customer information in an era of rapid digital transformation.
The certification ceremony, conducted by BSI at a venue hosted by the bank, marks a milestone in the lender’s ongoing efforts to align with the latest international standards for information security management systems (ISMS).
The 2022 revision of ISO/IEC 27001 introduces a holistic framework designed to address contemporary threats, vulnerabilities, and regulatory expectations. The updated standard emphasizes the confidentiality, integrity, and availability of information, and requires organizations to implement a comprehensive set of controls tailored to their risk landscape.
An external audit carried out as part of the certification process evaluated several critical security domains. These included physical security controls, robust access management, risk assessment and treatment processes, change management practices, and business continuity planning. The assessment also examined security best practices in software development, reflecting an emphasis on secure coding and software lifecycle discipline.
Charles Washika, Director of ICT & Innovations at Co-operative Bank of Kenya, welcomed the certification as a tangible demonstration of the bank’s dedication to protecting customer data. He noted that the certification strengthens risk management, standardizes information security policies across the organization, and enhances incident response capabilities. “The controls we’ve implemented ensure regulatory compliance while reinforcing the trust our customers, partners, and regulators place in Co-operative Bank,” Washika said.
Ilias Karampoikis, IMETA Sales and Commercial Director, commented on the broader significance of the achievement. In today’s cloud-driven and digitally dependent business environment, he said, ISO/IEC 27001 certification confirms that Co-op Bank has taken essential steps to defend against cyber threats and to keep information security aligned with global best practices. “This focus on digital trust is crucial amid ongoing technological transformation,” Karampoikis added.
Co-operative Bank has a storied history with ISO/IEC 27001 certifications in East Africa. The bank first attained ISO/IEC 27001:2013 in 2014, becoming a regional pioneer. The 2022 update expands the controls and their applicability to modern threats, ensuring robust protection for sensitive data while maintaining the principle of confidentiality, integrity, and availability.
For customers, the certification offers reassurance that personal and financial information is processed and stored in accordance with internationally recognized security standards. The bank’s information security framework is designed to minimize data privacy risks while supporting secure digital banking services.
Looking ahead, Co-operative Bank emphasized its ongoing commitment to maintaining and enhancing its security posture. The bank has continued to invest in advanced security tools, cybersecurity talent, and structured processes to address all relevant controls, with a view to supporting Kenya’s digital economy and expanding its regional footprint in East Africa.
