Zenith Bank Obtains ISO 27001:2013 And PCI DSS Certifications
Zenith Bank Ghana Limited, one of the most reputable and innovative banks in Ghana, has now obtained the internationally recognized ISO 27001:2013 and PCI DSS Certifications.
ISO 27001:2013 is an information security standard published by the International Organisation for Standardisation (ISO) and International Electrotechnical Commission (IEC), under the joint ISO and IEC subcommittee.
The standard specifies the requirements for establishing, implementing, maintaining and improving information security management across systems, people and processes. It also includes requirements for the assessment and treatment of information security risks specifically tailored to the needs of an organisation.
On the other hand, PCI DSS compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. PCI DSS compliance is required by all card brands. It is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data.
These certifications will, amongst other things:
- Improve the Bank’s information security posture and in turn minimize our exposure to risks by implementing necessary controls in our procedures, processes and systems;
- Enhance the Bank’s brand perception and lend credence to the Bank’s aspiration to be the preferred financial institution in the country;
- Protect the privacy of customer information by safeguarding its confidentiality, integrity and availability;
- Reassure our customers that the Bank has put in place best practices to control and mitigate risks; and,
- Enrich customer experience with the Bank’s products and services.
Managing Director/Chief Executive Officer of Zenith Bank, Henry Oroh, said: “We are delighted to have achieved this momentous milestone. Our bank has taken another major stride in ensuring compliance with regulatory requirements in the implementation of an Information Security Management System (ISMS) that is compliant with the requirements of the International Organization for Standardization (ISO/IEC 27001:2013), as well as the Payment Card Industry Data Security Standard (PCI DSS) certification. This reinforces our commitment to embracing global best practices in ensuring the integrity of our customer data and a secure operating environment.”
The Bank employed the services of a renowned Information Value Chain consulting firm, Digital Jewels Limited, to guide the Bank in obtaining these certifications. The audits and compliance validation were performed by independent auditors.
According to the CEO of Digital Jewels, Mrs. Adedoyin Odunfa, the ISO 27001 standard consists of management clauses and controls that aim to instil a continuous improvement culture focused on securing and protecting information assets.
For Zenith Bank Ghana, this entailed implementing processes and technology and developing skills and competencies required to safeguard critical assets.
Essentially, the standard aims to take a risk-based approach to ensure the proper treatment of all risks to the institution, the implementation of a consistent and integrated ISMS, and compliance with best practices in Information Security.
The PCI DSS standard, on the other hand, is focused on securing cardholder data in organizations that process, store or transmit such sensitive information. It is a more technical standard focused on a large set of mandatory technical and process-based controls.
While this is a significant milestone for the Bank, and proof of the Bank’s commitment to comply with internationally recognized security standards, it is just the beginning of a long journey to enhance the Bank’s Information Security status and capability.
The Bank remains fully committed to sustaining the highest standards of security for all its products, services and platforms in compliance with regulatory requirements of the Bank of Ghana and in the best interest of its valued stakeholders.