In a bid to have an appropriate and systematic management
framework that protects information in its possession as custodian of
information of national relevance alongside other critical information,
the Central Bank of Nigeria (CBN) last week implemented the ISO 27001
Standard.
The move, besides being in line with the international best practice of
having an appropriate and systematic management framework that adequately
ensures continuous confidentiality, availability and integrity, was
also meant to comply with information security best practices. It was also
meant to adequately protect the bank’s information assets and to leverage
the opportunity for continuous operational excellence that will yield
a positive result on investment.
The CBN, in conjunction with the Bankers Committee, is working on the
Financial Services Industry Infrastructure Programme (IITP) in order to
stimulate improvements in IT services, operations and management.
The ISO 27001 Standard was identified as one of the IT standards within the financial services IITP.
This and other issues led to the bank putting everything in place to ensure it clinches the ISO 27001 certification.
The process began with the apex bank engaging a consultant, Global
InfoSwift Limited (GIS), to carry out an Information Security Gap
Analysis on the entire infrastructure and applications. The outcome of
this gap analysis gave a roadmap of where the bank needed to move in terms
of its Information Security Management System.
The Central Bank of Nigeria had, in conjunction with the Bankers
Committee, committed to the implementation of the selected standards as an
integral part of the financial services industry infrastructure
transformation programme (IITC). The aim of this programme was to
significantly enhance operational efficiency and cost effectiveness of
banks in Nigeria through shared services.
An integral part of this overall objective was industry compliance
with an acclaimed standard of managing critical information access to
engender the needed confidence in stakeholders and participants in the
Nigerian financial services industry.
This led to the selection of the highest standard for information
security management, the ISO 27001:2005, for the information security
framework as part of the IITC.
A few banks in Nigeria were early adopters of the standard, but the
CBN has taken the lead in certifying to a much wider scope and achieving
this in less than one calendar year.
For the CBN, aside from taking the lead in practices consistent with
its status as the apex financial regulator of the financial system and
facilitator of the IITC, a major driving force in establishing an
information security management system was the need to have formalised
processes to protect the organisation’s key information assets as some
of them are information of national relevance.
All the hard work and resilience led to the bank being presented with
the ISO 27001:2005 Information Security Management System Certificate
at an award ceremony in Abuja; the certificate was conferred by the British
Standards Institute (BSI).
