CalBank has achieved the global ISO/IEC 27001 certification as it moves to secure customers’ data and information in an increasingly digital world. This comes on the back of the bank receiving its PCI DSS certification a couple of years ago.
ISO/IEC 27001 is one of the most widely recognised and internationally accepted information security management system standards. The standard encompasses all the bank’s people, processes and technology, and guarantees the robustness and quality of the bank’s risk management process.
Frank Adu, Managing Director of the bank, noted that this achievement underscores the bank’s digitisation drive and commitment to information security in line with industry best practices, and the delivery of assured, secure, and proven products and services to customers.
“The fact that we achieved this certification without any non-conformities is a testament to our outstanding services and support team. CalBank is also PCI DSS compliant and certified, and on the back of this feat I am glad for our investment in information security that delivers the objectives of confidentiality, integrity and accessibility,” he said.
He noted that it has been a rigorous exercise to secure this certification. “In the build-up to this exercise, we ensured that our employees were adequately trained to be security conscious and strictly adhere to practices, policies and procedures that will continue to enhance quality services for all stakeholders,” he said.
He assured customers that with an independent assurance by the foremost recognised certification body, ISO 27001, CalBank has established processes and technology to secure information and transactions in this fast-growing digital space.
The Managing Director stressed to stakeholders that the bank will continue to invest in technology, security and people to ensure consistent integrity of the bank’s information security systems.
Adedoyin Odunfa, Managing Director of Digital Jewels, the consultants on the project, noted that together with the dynamic team at CalBank, Digital Jewels followed a very rigorous and painstaking process to implement the standards in an efficient and effective manner.
“The standard itself is a process-based management standard focused on securing the bank’s information assets and managing downside risks. It stresses management’s responsibility for information security and specifies over 100 controls around 14 domains aimed at increasing the bank’s security posture,” she said.
With the standard being made mandatory by the Bank of Ghana through the Cyber and Information Security Directive, Mrs. Odunfa lauded the bank for its achievement of this standard, noting a focus on excellent implementation.
With the implementation process experiencing zero non-conformities, the consultants applauded CalBank for such a feat. “We have been in this business for over a decade and we have undertaken over 60 certification exercises, and very few came up with zero non-conformities. CalBank is one of the few. I want to salute the team for this,” she added.
Henrietta Polley, Head of Information Security at the bank, in recounting the ISO certification journey, touched on the anxiety, uneasiness, tension and mixed feelings at different points in time. Despite these, she noted that it was a journey worth taking because it has brought significant, positive cultural change in the cyber and information security space of the bank.
“This certificate is an affirmation that the bank has adopted and complied with the highest known management standard in information security in the world and the recent Bank of Ghana Cyber and Information Security Directive. The ISO 27001 certificate will ensure that all information assets of the bank are adequately protected at all times,” she said.
Ms. Polley stressed that the certification is just the beginning, because the journey never stops or ends. “We have to continually maintain the certificate to retain it. Your unflinching support and efforts will be required to achieve that,” she added.