NCBA Bank Kenya and Uganda have raised the bar in terms of compliance in the region’s banking industry by achieving the NCBA ISO data security certification. They are now the only banks in the region that have achieved the international ISO/IEC 27701 privacy standard, which is a significant milestone in the protection of customer and institutional data and the level of trust that customers have in the bank as its digital environment continues to grow.
The certification, which was awarded by the British Standards Institution (BSI), confirms that NCBA adheres to the highest international standards in terms of both information security and privacy management.
It is a significant milestone in the bank’s journey to become a leader in the region in terms of organized data protection at a time when digital banking and international services are on the rise.
What the NCBA ISO Data Security Certification Means
The NCBA ISO data security certification includes ISO/IEC 27001 for Information Security Management Systems and ISO/IEC 27701 for Privacy Information Management Systems.
The two standards offer a systematic way of protecting sensitive information that belongs to customers, employees, and third-party partners.
The achievement of the NCBA ISO data security certification indicates that the bank’s data management practices are in line with international best practices and that it supports the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
This is particularly significant because NCBA is the first bank in East and Central Africa to achieve ISO/IEC 27701, a certification that specifically deals with the management of Personally Identifiable Information (PII).
The achievement of the NCBA ISO certification, therefore, goes beyond the normal IT security measures and incorporates privacy management as part of the core business.
Group Director for Technology & Operations Isaac Owilla described the achievement as a demonstration of the bank’s continued investment in having resilient systems.
“Achieving these dual ISO certifications is a significant milestone in our continued quest to enhance information security within our operations. Our customers can rest assured that we adhere to the highest standards of security, service management, and regulatory compliance.
We understand that compliance is not a destination but a continuous process, and we are committed to providing services that are secure, efficient, and of the highest quality,” he said.
Digital Expansion Drives NCBA ISO Data Security Certification
The push toward the NCBA ISO data security certification comes as the Group expands its digital footprint and cross-border services. Phase one of the programme covered Kenya and Uganda, with Kenya prioritised due to its role in supporting about 80 percent of the Group’s information security and technology functions.
Phase two is expected to extend the NCBA ISO data security certification framework to Loop DFS, Tanzania, and Rwanda. The expansion will rely on governance structures and lessons learned from the first phase, helping standardise privacy and security controls across markets.
ISO/IEC 27001 establishes the risk-based structure for protecting information assets, while ISO/IEC 27701 builds on that base by strengthening privacy governance around personal data. Together, they ensure that the NCBA ISO data security certification supports both operational efficiency and regulatory assurance.
Owilla added that staff training and a culture of continuous improvement remain central to maintaining these standards, reinforcing service quality and operational resilience.







