Co-operative Bank of Kenya has successfully transitioned to the updated ISO/IEC 27001:2022 standard, earning the globally recognized benchmark for information security management systems.
The certification was awarded by BSI, the business improvement and standards company, during a handover ceremony at Co-operative Bank House on Friday, 5 September 2025.
The accreditation followed a rigorous external audit that assessed core security domains, including:
-
- Physical security measures
- Access control systems
- Risk management protocols
- Change management processes
- Business continuity planning
- Security best practices in software development
Charles Washika, Director ICT & Innovations at Co-operative Bank of Kenya, stated, “Achieving this certification demonstrates our commitment to protecting customer information through world-class information security standards.
This milestone has enhanced our risk management, standardised information security policies organisation-wide, and strengthened our incident response capabilities. The comprehensive controls we’ve implemented ensure regulatory compliance while reinforcing the trust our customers, partners, and regulators place in Co-operative Bank.”
Ilias Karampoikis, IMETA Sales and Commercial Director, commented, “The global digital landscape is changing, with core business practices now increasingly cloud-based and digitally reliant. Certification to ISO/IEC 27001 shows that Co-op Bank has taken the necessary steps to protect itself against cyber threats and ensure its information security is in line with global best practice. This focus on achieving digital trust is crucial in a world of technological transformation.”
Co-operative Bank made history in 2014 as the first bank in East Africa to achieve ISO/IEC 27001:2013 certification. The 2022 revision provides a holistic approach to address modern threats, vulnerabilities, and impacts while ensuring the confidentiality, integrity, and availability of sensitive data.
The certification directly benefits customers by ensuring personal and financial data is processed and stored using internationally recognized security protocols. The bank’s robust Information Security Management System reduces the risk of data privacy breaches while supporting secure digital banking services.
Washika added, “Over the past decade since our initial ISO certification, we have continuously invested in strengthening our information security capabilities. In response to evolving cyber threats, we’ve scaled up our investments by acquiring cutting-edge security tools, hiring qualified cybersecurity experts, and implementing new systems to address all 93 ISO/IEC 27001 controls. This sustained commitment ensures our customers benefit from the most advanced security infrastructure in the region.”
As a regional pioneer, Co-operative Bank’s achievement strengthens its ability to serve international clients and supports its East Africa expansion strategy. The certification aligns with Kenya’s broader financial sector digitisation goals and complements compliance with Central Bank of Kenya regulations.
Co-operative Bank remains dedicated to maintaining and continually enhancing its information security standards. The updated certification underscores the bank’s long-term commitment to protecting customer information and contributing to Kenya’s digital economy growth.