NCBA Sets Regional Benchmark in Data Security and Privacy

Dual ISO Certification Milestone

NCBA Bank Kenya and Uganda have achieved dual ISO certification from the British Standards Institution (BSI), marking a major milestone in data security and privacy management.

The certification strengthens the bank’s information security framework and reinforces its reputation as a regional leader in digital trust and innovation.

Notably, NCBA is the first bank in East and Central Africa to attain ISO/IEC 27701 certification for Privacy Information Management Systems.

Alongside ISO/IEC 27001 for Information Security Management, the certifications confirm NCBA’s structured and systematic approach to protecting sensitive data for customers, employees, and third parties.

Together, these standards align NCBA’s controls with global best practices. They also support compliance with the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.

More importantly, the certifications demonstrate a proactive commitment to privacy and risk management across the bank’s operations.

NCBA Sets Regional Benchmark in Data Security and Privacy

Strengthening Trust Through Technology and Governance

Isaac Owilla, Group Director for Technology and Operations, described the achievement as a key step in NCBA’s long-term security journey.

He noted that the certifications assure customers of the bank’s strong focus on security, regulatory compliance, and service quality. He added that NCBA views compliance as an ongoing process, not a one-time goal.

The certification program reflects NCBA’s expanding digital footprint and growing cross-border operations. It also responds to increased reliance on technology and third-party service providers.

Phase one covered Kenya and Uganda, with Kenya taking priority due to its role in delivering about 80 percent of the Group’s technology and information security functions.

NCBA plans to extend certification to Loop DFS, Tanzania, and Rwanda in phase two. The expansion will build on the governance frameworks and lessons from the first phase.

ISO/IEC 27001 provides a risk identifiable information.

Through continuous staff training and system improvement, NCBA continues to raise its security standards. As a result, the bank strengthens customer trust while delivering secure, reliable, and innovative financial services across the region.