The Bank of Ghana (BoG) has secured the ISO/IEC
27001:2005 Certification, which is the world's highest accreditation for information
protection and security, a statement from the Bank said on Tuesday.
By this certification, the Bank of Ghana has distinguished itself as the first central
bank in Africa and joins a small group of central banks including Federal Reserve
Bank of New York, Reserve Bank of India, Bank of Indonesia and Bank of Taiwan
that have attained this prestigious status.
The independent assessment was carried out by UK-based Lloyds Register
Quality Assurance (LRQA), one of the few companies in the world to perform ISO
ISO 27001 is the only auditable international standard which defines the
requirements to ensure that sufficient security controls are instituted within the certified
Additionally, maintaining the ISO 27001 Certification required an annual review
and three-year re-certification in the continual scrutiny of Bank of Ghana's information
security management system in a manner that aimed to provide confidence to clients
and the public as a whole that the Bank's data was protected on an ongoing basis, the
The IMF and World Bank are among other financial institutions that have such a
certification by the International Standards Organization.
The statement said the ISO 27001 certification demonstrated that the BoG had
addressed, implemented and controlled the security of the Bank's information, and
that BoG's management information and systems were secure to ensure the integrity
of data sent out as well as data received, significantly limiting security and privacy
It also establishes that relevant laws and regulations are being met, especially in
line with the BoG's mandate of ensuring an effective banking system in the country,
and that a commitment to information security exists at all levels throughout the bank.
Other benefits include, increase in overall organisational efficiency and operational
performance and minimisation of internal and external risks to business continuity.
Managed information security services for the certification project were provided
by UK-based AKK Risk Management Consulting Ltd involved in the provision of
such services to private as well as government institutions.