In the journey to become world class central bank, BNR in August 2017 has qualified to be ISO 27001:2013 certified as the first institution in the Country and among the EAC Central Banks, ISO 27001:2013 being an information security management standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) international standard.
What does this mean?
The Bank has embarked on a journey to be ISO 27001:2013 certified through the establishment of ISMS framework (Information Security Management System) in accordance with ISO/IEC 27001:2013 and applies to the below scope:
“Processing, transmission and storage of digital information and information processing assets of the National Bank of Rwanda.”
Purpose of ISO certification
The main objective of this ISMS framework is to protect the Confidentiality, Integrity and Availability of Information Assets from all threats, whether internal or external, deliberate or accidental in relation to the processing, transmitting and storing of sensitive bank information.
This objective is achieved by:
What value does this certificate add to BNR as central bank?
In light of the ever-growing cybersecurity threats posed to financial systems to tune of 52% globally, this framework adds a layer of information security governance where by the Bank’s key ICT infrastructure are protected and administered according to the accepted international standards.
BNR being ISO 27001:2013 certified as the central bank and a regulatory body in the financial sector, having determined its interested parties including but not limited to (Staff, Service Providers, Network providers, Assessors and Auditors, Vendors & Suppliers of goods and services, Customers both Financial Sectors, Government Institution, Government Ministries, Statutory Authorities like World Bank, IMF, African Development Bank (ADB)), below will be additional benefits