Co-operative Bank of Kenya Attains ISO/IEC 27001:2022 Certification from BSI

By Monica MUEMA

Co-operative Bank of Kenya has successfully upgraded to the updated ISO/IEC 27001:2022 standard, securing the global benchmark for information security management systems.

 

The certification was awarded by BSI, the business improvement and standards company, during a handover ceremony at Co-operative Bank House on Friday, 5 September 2025.

 

In a rigorous external audit, the bank’s information security program was evaluated across key areas, including physical security measures, access control systems, risk management protocols, change management processes, business continuity planning, and security best practices in software development.

 

The assessment culminated in a comprehensive validation that Co-operative Bank’s controls meet the latest requirements of the standard.

 

Charles Washika, Director ICT & Innovations at Co-operative Bank of Kenya, described the milestone as a clear demonstration of the bank’s commitment to protecting customer information through world-class security standards.

 

He noted that the certification enhances risk management, standardises information security policies across the organization, and strengthens incident response capabilities.

 

“The comprehensive controls we’ve implemented ensure regulatory compliance while reinforcing the trust our customers, partners, and regulators place in Co-operative Bank,” Washika said.

 

Ilias Karampoikis, IMETA Sales and Commercial Director, echoed the significance of the achievement in today’s cloud‑driven, digitally dependent business environment.

 

“Certification to ISO/IEC 27001 shows that Co-op Bank has taken the necessary steps to protect itself against cyber threats and ensure its information security is in line with global best practice. This focus on achieving digital trust is crucial in a world of technological transformation,” he remarked.

 

Co-operative Bank has a storied history with ISO/IEC 27001 certifications in East Africa. In 2014, it became the first bank in the region to attain ISO/IEC 27001:2013 certification.

 

The 2022 revision provides a holistic approach to addressing modern threats and vulnerabilities, ensuring the confidentiality, integrity, and availability of sensitive data.

 

For customers, the new certification offers tangible reassurance that personal and financial data is processed and stored in accordance with internationally recognized security protocols.

 

The bank’s robust Information Security Management System minimizes the risk of data privacy breaches while supporting secure digital banking services.

 

Reflecting on the decade since the initial certification, Washika highlighted ongoing investments in information security.

 

“In response to evolving cyber threats, we’ve scaled up our investments by acquiring cutting‑edge security tools, hiring qualified cybersecurity experts, and implementing new systems to address all 93 ISO/IEC 27001 controls. This sustained commitment ensures our customers benefit from the most advanced security infrastructure in the region,” he said.

 

As a regional pioneer, Co-operative Bank’s achievement strengthens its ability to serve international clients and supports its expansion strategy across East Africa. The certification aligns with Kenya’s broader financial sector digitisation goals and complements compliance with Central Bank of Kenya regulations.

 

Co-operative Bank remains steadfast in maintaining and continually enhancing its information security standards. The updated certification underscores the bank’s long‑term commitment to protecting customer information and contributing to Kenya’s digital economy growth.