NCBA Sets Regional Record as First Bank to Achieve ISO Data Privacy Certification
NCBA Bank has set a new benchmark for data security in East and Central Africa, becoming the first lender in the region to attain the ISO/IEC 27701 certification for its Privacy Information Management System.
The announcement follows the bank’s successful acquisition of dual certifications from the British Standards Institution (BSI). In addition to the privacy certification, NCBA also secured the ISO/IEC 27001 for its Information Security Management System. This dual achievement covers operations in both Kenya and Uganda, aligning the bank’s controls with the strict requirements of the Kenya Data Protection Act and the Uganda Data Protection and Privacy Act.
Isaac Owilla, Group Director for Technology & Operations at NCBA, described the certification as a critical step in the bank’s digital evolution.
“Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations,” said Owilla. “Our customers can be assured that we uphold the highest standards in security, service management and regulatory compliance.”
While ISO/IEC 27001 focuses on the broader security of information assets, the ISO/IEC 27701 certification is specific to privacy governance, protecting Personally Identifiable Information (PII). This distinction is particularly relevant as the bank expands its digital footprint and cross-border operations.
“We realize that compliance is not a destination and we remain committed to providing services that are secure, efficient, and high-quality to our customers,” Owilla added.
The certification process was executed in phases, with Kenya prioritized in Phase 1 as it handles approximately 80% of the Group’s technology functions. The bank has confirmed that Phase 2 will extend these rigorous standards to its operations in Tanzania, Rwanda, and its fintech subsidiary, Loop DFS.
Owilla emphasized that the certifications are part of a broader internal culture shift.
“NCBA is committed to maintaining high standards by ensuring its staff are well-trained in compliance and best practices, encouraging active participation in system improvements, and fostering a culture of continuous enhancement,” he stated.
By securing these global accreditations, NCBA aims to reinforce stakeholder trust, ensuring that as it relies more heavily on third-party providers and digital channels, customer data remains protected to the highest international standards.
[Secure Your Seat at Africa Tech Summit Nairobi 2026 | February 11–12 here] Use code TTRENDS10 at checkout to save 10% on your pass and join the leaders building Africa’s $1 trillion cross-border payment future.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
