CBN Mandates Banks to Get Security Certification by 2015

cbn2The Central Bank of Nigeria (CBN) has mandated all commercial banks to be information security-certified by 2015.

The CBN Deputy Governor (Operations), Mr. Tunde Lemo, dropped the hint in Abuja on Wednesday, during the conferment of the ISO 27001 certificate on the central bank by the British Standards Institution (BSI).

This emerged on a day the British High Commissioner to Nigeria, Dr. Andrew Pocock, also described the CBN’s attainment of one of the highest standards of information security management as a confidence building measure and remarkable achievement.

He said the British government had planned to double trade volume with Nigeria to about £8 billion next year if the British investors were convinced that Nigerian economy was adequately regulated. He also said the CBN information security certification would open door for such investment opportunities in the country.

Meanwhile, the acquisition of the coveted certification puts the CBN at par with the institutions like the World Bank and International Monetary Fund (IMF) that had adopted the standard. The central bank also becomes the first organisation in the country to attain such level of certification.

Essentially, the information security and management system allows the CBN to install processes including controls, technology and people awareness to ensure that particularly classified information held in custody on behalf of its stakeholders and clients is properly protected.

Lemo said: “CBN regulates banks and other financial institutions. For those ones we regulate particularly commercial banks, we have made it mandatory for them to be so certified before the end of 2015.”

The CBN Governor, Mallam Sanusi Lamido Sanusi, also said information security had become critical to the central bank’s operations, adding that going forward, any unauthorised disclosure or compromise would be have consequences.

Represented at the occasion by CBN Deputy Governor, Corporate Services, Alhaji Suleman Barau, Sanusi said all its stakeholders and partners would now have more confidence in the bank’s ability to protect the data in its possession.

He said the CBN would do all within its powers to sustain controls and retain the certification.
However, the certification which is for an initial period of three years is presently limited to the CBN headquarters but with the possibility of extending it its branches offices in future.
The Managing Director of BSI, Europe, Middle East and Africa (EMEA), Mr. Mark Basham, said follow-up audit would be conducted every six months to ensure the CBN standards and controls are still intact and within the requirements for which the standard was awarded. The certificate could either be withdrawn or re-issued at expiration.

Also, the CBN Deputy Governor, Economic Policy, Dr. Sarah Alade, who congratulated some of the banks, including First Bank which had earlier adopted the standards, however noted that “the Central Bank of Nigeria has taken the lead by certifying to a much wider scope and achieving this in less than one calendar year.”

She said the driving force for the adoption was the need to have formalised processes to protect the organisation’s key information assets as some of them are information of national relevance.
According to the Executive Director, Global InfoSwift (the firm which prepared the CBN for the award), Mr. Afolabi Oke: “We are indeed very proud to be part of the Central Bank of Nigeria’s success story. This is an affirmation that the CBN has adopted and complied with one of the most reputable international information security management system standards in the world.”