Aiden k 
- Co-operative Bank Attains ISO/IEC 27001:2022 Certification, Boosting Customer Data Protection
- Transition highlights the bank’s investment in advanced cybersecurity and alignment with Central Bank regulations
Co-operative Bank of Kenya has successfully transitioned to the updated ISO/IEC 27001:2022 standard, achieving the updated global benchmark for information security management systems.
The bank was awarded the certification by BSI, the business improvement and standards company, at a handover ceremony held at Co-operative Bank House on Friday, 5th September 2025.
The certification followed an extensive external audit that evaluated critical security areas including:
- Physical security measures
- Access control systems
- Risk management protocols
- Change management processes
- Business continuity planning
- Security best practices in software development
“Achieving this certification demonstrates our commitment to protecting customer information through world-class information security standards. This milestone has enhanced our risk management, standardised information security policies organisation-wide, and strengthened our incident response capabilities.
The comprehensive controls we’ve implemented ensure regulatory compliance while reinforcing the trust our customers, partners, and regulators place in Co-operative Bank,” said Charles Washika, Director ICT & Innovations at Co-operative Bank of Kenya.
“The global digital landscape is changing, with core business practices now increasingly cloud-based and digitally reliant. BSI is proud to be a trusted partner as organisations respond to this.
Certification to the information security management systems standard (ISO/IEC 27001) shows that Co-op Bank has taken the necessary steps to protect itself against cyber threats and ensure its information security is in line with global best practice.
This focus on achieving digital trust is crucial in a world of technological transformation. Congratulations to the team on this achievement,” said Ilias Karampoikis, IMETA Sales and Commercial Director
Co-operative Bank made history in 2014 as the first bank in East Africa to achieve ISO/IEC 27001:2013 certification.The updated standard provides a holistic approach to address modern threats, vulnerabilities, and impacts while ensuring the confidentiality, integrity, and availability of sensitive data.
The certification directly benefits Co-operative Bank’s customers by ensuring their personal and financial data is processed and stored using internationally recognised security protocols.
The bank’s robust Information Security Management System minimizes the risk of data privacy breaches while supporting secure digital banking services.
“Over the past decade since our initial ISO certification, we have continuously invested in strengthening our information security capabilities.
In response to evolving cyber threats, we’ve scaled up our investments by acquiring cutting-edge security tools, hiring qualified cybersecurity experts, and implementing new systems to address all 93 ISO/IEC 27001 controls.
This sustained commitment ensures our customers benefit from the most advanced security infrastructure in the region,” added Mr. Washika
As the pioneer in achieving ISO/IEC 27001 certification in East Africa, Co-operative Bank continues to set the benchmark for information security in the region’s banking sector. This certification strengthens the bank’s position to serve international clients and supports its expansion strategy across East Africa.
The achievement aligns with Kenya’s broader financial sector digitisation goals and complements the bank’s compliance with Central Bank of Kenya regulations.
Co-operative Bank remains dedicated to maintaining and continuously enhancing its information security standards. The bank’s investment in achieving this updated certification reflects its long-term commitment to protecting customer information and supporting Kenya’s digital economy growth.
