Heritage Bank Attains ISO 27001 Certification


Heritage Bank Plc, Nigeria’s most innovative banking service provider, has achieved the Information Security Management Certification from the International Standards Organisation (ISO) with its new platform, Octopus.

This certification, also known as ISO 27001:2013, is part of the ISO 27000 family of standards, which helps organizations keep information assets secure. The certification was achieved on the heels of the bank’s drive to revolutionize the banking sector’s digital experience with Octopus, by putting in place a systematic approach to managing sensitive organizational information, ensuring it remains seamless, secure and available.

The Octopus platform offers numerous benefits to users, enabling small businesses to key into the electronic payment system easily, with efficient collections, social integration, retention strategy, bills payment, mobile virtual top-up, funds transfer, balance enquiry, movie show times and news.

With the introduction of Octopus, the ISO 27001:2013 Information Security Management Certification is proof of the Bank’s demonstrated ability to consistently provide products and services that give service consumers and customers an easily recognizable security hallmark.

Speaking on the award received, the MD/CEO of Heritage Bank Plc, Ifie Sekibo, reiterated the bank’s commitment to secured services, while assuring customers that their information is appropriately protected, which in turn reduces the need to undertake time-consuming and costly onsite security audits, saving time and cost for both parties.

According to him, the certification demonstrates credibility and trust, which reduces customer and supply chain audits, and ISO 27001 certification reduces third-party scrutiny of your Information Security Management by customers and the wider supply chain.

“The achievement of ISO 27001 will differentiate two competing organizations in the marketplace, providing a valuable competitive advantage. Increased legislative and regulatory compliance: ISO 27001 supports compliance with relevant laws such as the Data Protection Act 1998 and software copyright legislation. This, in turn, reduces the risk of facing prosecution and fines. An organization’s liability in security incidents may be reduced if it is certified ISO 27001 compliant,”

He further explained that it reduces customer and supply chain audits, stating that ISO 27001 certification reduces third-party scrutiny of your Information Security Management by customers and the wider supply chain.

As ISO 27001 is the current international benchmark for Information Security Management, it is increasingly recognized that compliance with the standard is supportive evidence of adequate security.

Considerations and outcomes: To achieve ISO 27001 certification, an organization must produce documentation that demonstrates that it has developed an Information Security Management System that complies with the standard. Organisations should consider producing most of this documentation even if they are not going for certification, as it provides a best practice approach for compliance as well.

There are three key issues to note about the standard: Its generic requirements mean that it is applicable to all organizations, regardless of size, type or nature. However, you tailor it to the exact needs of your organization through the information security controls that you select to implement within your Information Security Management System. It takes a flexible, risk-driven approach. It is dynamic – it focuses on continual improvement and helps the organization keep ahead of changes both within and outside the organization.