NCBA Bank Kenya and Uganda have successfully achieved dual ISO certification from the British Standards Institution (BSI), a global accreditation body that accredits organisations against standards.
In a statement on Tuesday, February 3, the bank said that the certification marks a major milestone in strengthening information security, data privacy, and regulatory assurance across its operations, “reinforcing NCBA as a bank known for innovation.”
NCBA is the first bank in East and Central Africa to attain ISO/IEC 27701 (Privacy Information Management System) certification for data privacy.
“The ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certifications reinforce the Bank’s comprehensive and systematic approach to managing, processing and safeguarding sensitive data relating to customers, employees and third parties.”
According to the bank, these certifications ensure that an organisation meets the rigorous standards of security and service management, aligns NCBA’s security and privacy controls with global best practices, and supports compliance with the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
Also Read: South African Giant Places Proposal to Take Over Kenya’s NCBA Bank
The certification also represents a proactive commitment to privacy management, further reinforcing trust in the bank’s ability to protect the data of customers, partners, and stakeholders while meeting the highest international standards.
“Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations. Our customers can be assured that we uphold the highest standards in security, service management and regulatory compliance,” Isaac Owilla, Group Director Technology & Operations, commenting on the achievement, noted.
“We realize that compliance is not a destination and we remain committed to providing services that are secure, efficient, and high-quality to our customers.”
NCBA added that this certification initiative is driven by the lender’s growing digital footprint, cross-border operations, and increasing reliance on technology and third-party service providers.
NCBA certified to ISO/IEC 27701
Phase one of the programme focused on Kenya and Uganda, with Kenya prioritised due to its role in delivering approximately 80% of the Group’s information security and technology functions.
In addition, Phase 2 of the program is planned to extend certification to Loop DFS, Tanzania, and Rwanda, leveraging the governance framework, controls, and lessons learned from Phase 1.
Also Read: Muhoho Kenyatta Appointed to NCBA Board
Owilla added that NCBA is committed to maintaining high standards by ensuring its staff are well-trained in compliance and best practices, encouraging active participation in system improvements, and fostering a culture of continuous improvement.
“This approach strengthens the bank’s ability to deliver top-tier service, maintain information security, and achieve operational excellence.”
The two certifications build on each other: ISO/IEC 27001 provides a structured, risk-based framework for protecting the confidentiality, integrity, and availability of information assets, while ISO/IEC 27701 strengthens privacy controls and governance for Personally Identifiable Information (PII).
Follow our WhatsApp Channel and X Account for real-time news updates





