Introduction

In its journey to become a world-class central bank, BNR qualified in August 2017 for ISO 27001:2013 certification, as the first institution in the country and among the EAC central banks. ISO 27001:2013 is an international information security management standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

What does this mean?

The Bank embarked on a journey to be ISO 27001:2013 certified by establishing an Information Security Management System (ISMS) framework in accordance with ISO/IEC 27001:2013. The framework applies to the following scope:

“Processing, transmission and storage of digital information and information processing assets of the National Bank of Rwanda.”

Purpose of ISO certification

The main objective of this ISMS framework is to protect the confidentiality, integrity and availability of information assets from all threats, whether internal or external, deliberate or accidental, in relation to the processing, transmission and storage of sensitive bank information.

This objective is achieved by:

  • Establishing and implementing risk-based information security controls;
  • Periodically reviewing and updating operational procedures of all business functions;
  • Complying with statutory and regulatory requirements and contractual security obligations;
  • Spreading security awareness among staff, interns, service providers, third-party contractors and end users of BNR information systems;
  • Managing security incidents effectively through an incident management framework;
  • Developing Business Continuity Plans that address information security continuity; and
  • Continually improving the ISMS through regular review of measurable security objectives.

What value does this certificate add to BNR as a central bank?

In light of the ever-growing cybersecurity threats posed to financial systems, to the tune of 52% globally, this framework adds a layer of information security governance whereby the Bank’s key ICT infrastructure is protected and administered according to accepted international standards.

As the central bank and a regulatory body in the financial sector, BNR has determined its interested parties, including but not limited to staff, service providers, network providers, assessors and auditors, vendors and suppliers of goods and services, customers (both financial sector and government institutions), government ministries, and statutory authorities such as the World Bank, IMF and African Development Bank (ADB). With BNR being ISO 27001:2013 certified, the additional benefits are listed below:

  • Enable BNR to manage and secure its information and information assets cost-effectively and systematically against all potential security threats.
  • Increase trust and confidence among the interested parties that their data and other information exchanges are protected and kept confidential and secure, thereby improving value and customer satisfaction.
  • Become compliant with relevant rules, regulations, legislation, standards and best practices.
  • Enable BNR to plan ahead of a crisis or disaster to ensure downtime of operations is avoided or minimized.
  • Create information security awareness among staff, interns, third-party contractors, service providers and end users of BNR information systems.
  • Manage and continually improve information security governance, risk and compliance processes effectively.