Sinapi Aba Savings and Loans Company Limited has received ISO 27001 certification per the central bank's directive to financial institutions to enhance cyber and information security.

The company becomes the first savings and loans company in Ghana to obtain the certification to improve its Information Security Management Systems.

ISO 27001 structures how businesses should manage risk associated with information security threats, policies, procedures and training for information security threats.

Sinapi Aba Savings and Loans’ certification follows Bank of Ghana’s directive that financial institutions must meet the international standardization of being ISO compliant in the wake of the banking sector challenges in recent years.

Many players in the financial institution space were affected by the regulator's unprecedented financial sector clean-up exercise.

Head of Cyber and Information Security at Sinapi Aba Savings and Loans Company Limited, Degraft Agyapong, says the company took the early step to safeguard its data and improve customer confidence.

“…quality access to digital finance cannot happen without quality control; that is why we believe we need to have a state-of-the-art technical capacity to enhance and ensure customer experience in terms of customer data protection and financial service security.

…Because of this, we aimed and have achieved the ISO 27001 certification – the first savings and loans company to get this certification in Ghana.”

The ISO 27001

It is the leading international standard focused on information security, published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC).

Both are leading international organizations that develop international standards.

ISO-27001 is part of a set of standards developed to handle information security. It provides a framework to help organisations of any size or any industry protect their information systematically and cost-effectively by adopting an Information Security Management System (ISMS).

The standard contains information security guidelines and requirements intended to protect an organization’s data assets from loss or unauthorised access and recognised its commitment to information security management through certification.

It includes a risk assessment process, organizational structure, information classification, access control mechanisms, physical and technical safeguards, information security policies, procedures, monitoring and reporting guidelines.

What it means to customers

ISO 27001 is easily recognised all around the world, increasing business opportunities for organisations and professionals.

The standard provides companies with the necessary know-how for protecting their most valuable information, but the company in this way proves to its customers and partners that it safeguards their data.

As technology is developed and improved, so does the increased need for information security.

As a result, many businesses like Sinapi Aba Savings and Loans have resolved to continuously vote funds for security investment to maintain appropriate security controls, levels of risk and data sensitivity.

“….here customer experience has always been a priority. That is why we continue to invest heavily in our cyber and security systems. We believe that the digitisation of financial products and services is the way to go.

"However, the essence of digitization cannot be realised without strengthening our cyber and information security systems,” Degraft Agyapong said.

He continues that “…so that our information will be regularised and protected. As an institution, we need to secure our infrastructure so that our customers can get the best of customer experience.”

By obtaining certification in ISO 27001, organisations have the opportunity to prove credibility and show customers that the organization is working according to recognised best practices.

This credibility is often a deciding factor, giving the certified organisation a competitive advantage on the financial market.

It means customers data and information are given maximum security and priority of protection.