Zenith Bank Ghana Limited, one of the most reputable and innovative banks in Ghana, has now obtained the internationally recognised ISO 27001:2013 and PCI DSS certifications.
ISO 27001:2013 is an information security standard published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), under their joint ISO/IEC subcommittee.
The standard specifies the requirements for establishing, implementing, maintaining and improving information security management across systems, people and processes. It also includes requirements for the assessment and treatment of information security risks specifically tailored to the needs of an organisation.
PCI DSS compliance, by contrast, is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and to prevent the misuse of cardholders’ personal information. PCI DSS compliance is required by all card brands. It is the global standard that any organisation of any size must adhere to in order to accept payment cards and to store, process and/or transmit cardholder data.
These certifications will among other things:
- Improve the bank’s information security posture and in turn minimise its exposure to risks by implementing necessary controls in its procedures, processes and systems;
- Enhance the bank’s brand perception and lend credence to its aspiration to be the preferred financial institution in the country;
- Protect the privacy of customer information by safeguarding its confidentiality, integrity and availability;
- Reassure customers that the bank has put in place best practices to control and mitigate risks; and,
- Enrich customer experience with the bank’s products and services.
Henry Oroh, Managing Director/Chief Executive Officer of Zenith Bank said: “We are delighted to have achieved this momentous milestone. Our bank has taken another major stride in ensuring compliance with regulatory requirements in the implementation of an Information Security Management System (ISMS) that is compliant with requirements of the International Organisation for Standardisation (ISO/IEC 27001:2013), as well as the Payment Card Industry Data Security Standard (PCI DSS) certification. This reinforces our commitment to embracing global best practices in ensuring the integrity of our customer data and a secure operating environment”.
The bank employed the services of a renowned Information Value Chain consulting firm, Digital Jewels Limited, to guide the bank in obtaining these certifications. The audits and compliance validation were performed by independent auditors.
According to the CEO of Digital Jewels, Mrs. Adedoyin Odunfa, the ISO27001 standard consists of management clauses and controls which aim to instil a continuous improvement culture focused on securing and protecting information assets.
“For Zenith Bank Ghana, this entailed implementing processes and technology, and developing skills and competencies required to safeguard critical assets. Essentially, the standard aims to take a risk-based approach to ensure the proper treatment of all risks to the institution; the implementation of a consistent and integrated ISMS; and compliance with best practices in Information Security. The PCI DSS standard, on the other hand, is focused on securing cardholder data in organisations which process, store or transmit such sensitive information. It is a more technical standard focused on a large set of mandatory technical and process-based controls.”
While this is a significant milestone for the bank, and proof of its commitment to complying with internationally recognised security standards, it is just the beginning of a long journey to enhance the bank’s information security status and capability. The bank remains fully committed to sustaining the highest standards of security for all its products, services and platforms – in compliance with the regulatory requirements of the Bank of Ghana, and in the best interest of its valued stakeholders.