NCBA Group Kenya and NCBA Uganda has reached a major milestone by becoming the first bank in East and Central Africa to attain ISO/IEC 27701 certification for privacy information management alongside ISO/IEC 27001 for information security. Awarded by the British Standards Institution, the dual certification underscores the bank’s commitment to protecting sensitive customer, employee, and third-party data across its operations.
The achievement highlights NCBA’s structured, risk-based approach to information security and privacy governance. ISO/IEC 27001 strengthens the protection of data confidentiality, integrity, and availability, while ISO/IEC 27701 enhances controls around personally identifiable information. Together, the certifications reinforce compliance with the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act, strengthening trust in NCBA’s digital and cross-border banking services.
According to the Group’s leadership, the certification reflects a long-term commitment to security, regulatory compliance, and service excellence. With an expanding digital footprint and increased reliance on technology and third-party providers, NCBA has prioritized building robust systems, investing in staff training, and fostering a culture of continuous improvement to support secure and efficient service delivery.
The initiative is being rolled out in phases, with Kenya and Uganda completed in the first stage and further expansion planned for Loop DFS, Tanzania, and Rwanda. By achieving dual ISO certification, NCBA positions itself as a regional benchmark in data security and privacy, reinforcing its role as a trusted leader in banking innovation and globally compliant financial services.
Related articles