KAMPALA, UGANDA – February 5, 2026: NCBA Bank Uganda and Kenya have successfully achieved dual ISO certification from the British Standards Institution (BSI) a global accreditation body that certifies and accredits organizations on standards, marking a major milestone in strengthening information security, data privacy, and regulatory assurance across their operations, reinforcing NCBA as a bank known for innovation.
NCBA is the 1st local bank to attain ISO/IEC 27701 (Privacy Information Management System) on data privacy in East and Central Africa.
The ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certifications reinforce the Bank’s comprehensive and systematic approach to managing, processing and safeguarding sensitive data relating to customers, employees and third parties.
These certifications ensure that an organisation meets the rigorous standards of security and service management and further aligns NCBA’s security and privacy controls with global best practices and supports compliance with the Uganda Data Protection and Privacy Act and the Kenya Data Protection Act. The certification also represents a proactive commitment to privacy management further reinforcing trust in the bank’s ability to protect the data of customers, partners, and stakeholders while meeting the highest international standards.
Mark Muyobo, CEO NCBA Bank Uganda Limited, commenting on the achievement, noted, “Attaining these dual ISO certifications is a significant milestone in our continuous journey to strengthen information security within our operations. Our customers can be assured that we uphold the highest standards in security, service management and regulatory compliance.
We remain committed to providing services that are secure, efficient, and high-quality to our customers.”
This certification initiative is driven by NCBA’s growing digital footprint, cross-border operations, and increasing reliance on technology and third-party service providers. Phase one of the programme focused on Kenya and Uganda, with Kenya prioritised due to its role in delivering approximately 80% of the Group’s information security and technology functions.
Phase 2 of the program is planned to extend certification to Loop DFS, Tanzania, and Rwanda, leveraging the governance framework, controls, and lessons learned from Phase 1. The two certifications build on each other with ISO/IEC 27001 providing a structured, risk-based framework for protecting the confidentiality, integrity, and availability of information assets, while ISO/IEC 27701 strengthens privacy controls and governance around Personally
Identifiable Information (PII).
According to Mr Muyobo, “NCBA is committed to maintaining high standards by ensuring its staff are well-trained in compliance and best practices, encouraging active participation in
system improvements, and fostering a culture of continuous enhancement. This approach strengthens the bank’s ability to deliver top-tier service, maintain information security, and achieve operational excellence.”
With its dual ISO certifications, NCBA Bank solidifies its standing as a leader in the banking industry, demonstrating its dedication to global standards and providing secure, reliable, and innovative financial services to customers.