The Bank of Ghana (BoG) has secured an ISO/IEC 27001:2005 certification, which is the world's highest accreditation for information protection and security, the bank has said in a statement issued yesterday. It said the independent assessment was carried out by UK-based Lloyds Register Quality Assurance (LRQA), one of the few companies in the world to perform ISO 27001 audits.
ISO 27001 is the only auditable international standard which defines the requirements to ensure that sufficient security controls are instituted within the certified organization. Additionally, maintaining the ISO 27001 Certification requires an annual review and three year re-certification in the continual scrutiny of Bank of Ghana's information security management system in a manner that aims to provide confidence to clients and the public as a whole that the Bank's data is protected on an ongoing basis.
By this certification, the Bank of Ghana has distinguished itself as the first central bank in Africa and joins a small group of central banks including Federal Reserve Bank of New York, Reserve Bank of India, Bank of Indonesia, and Bank of Taiwan that have attained this prestigious status. The IMF and World Bank are among other financial institutions that have such a certification by the International Standards Organization.
The statement further stated that the certification was an indication that the Bank has addressed, implemented and controlled the security of the bank's information, and that BoG's management information and systems are secure to ensure the integrity of data sent out as well as data received, significantly limiting security and privacy breaches.
It also establishes that relevant laws and regulations are being met, especially in line with the BoG's mandate of ensuring an effective banking system in the country, and among other things Minimize internal and external risks to business continuity.
The bank also said, managed information security services for the certification project were provided by UK-based AKK Risk Management Consulting Ltd involved in the provision of such services to private as well as government institutions.