What the new ISO certification means for central bank

The National Bank of Rwanda early this month received International Organisation for Standardisation (ISO) certification for meeting standards in Information Security Management System.

Monday, September 18, 2017

The National Bank of Rwanda early this month received International Organisation for Standardisation (ISO) certification for meeting standards in Information Security Management System.

The bank received ISO 27001:2013 certification becoming the first institution in the country as well as in the East African Community.

The certification means that the regulator has met global standards in processing transmission and storage of digital information and information processing assets of the bank.

According to experts, the certification means that bank’s systems can protect the confidentiality, integrity and availability of information assets from all threats in relation to the processing, transmitting and storing sensitive information.

The certification follows processes of establishing and implementing risk based information security controls as well as updating operational procedures of business functions.

According to the regulator’s ICT officers, the bank also moved to comply with statutory regulatory requirements and contractual security obligations as well as spreading security awareness amongst staff, interns, service providers, third party contractors and end users of the bank’s information systems.

The certification comes at a time when the country and the central bank are embarking on rolling out cashless economy systems and financial technology which could be compromised by cyber security threats.

Information security

According to a statement by the central bank, in light of the ever-growing cyber security threats, the development adds a layer of information security governance where by the bank’s key ICT infrastructure are protected and administered according to the accepted international standards.

"BNR being ISO 27001:2013 certified as the central bank and a regulatory body in the financial sector was also determined by its parties including staff, service providers, network providers, assessors and auditors, vendors and suppliers of goods and services, customers both financial sectors, public institution, ministries, statutory authorities like World Bank, IMF, African Development Bank (ADB,” the statement reads in part.

Justin Rurazi, the director-general of ICT development at the central bank, told The New Times last week that the global certification is a chance for them to set standards for players in the financial sector in the Information Security Management System.

"Now that the National Bank of Rwanda is certified, it serves to increase the confidence in the security of our systems amongst players as we roll out cashless systems in the country,” he said.

The ranking also serves to build trust and confidence among the interested parties that their data and other information is protected, thereby improving the value and customer satisfaction.

editorial@newtimes.co.rw