The Board and Management of Accion Microfinance Bank are committed to preserving the Confidentiality, Integrity and Availability of its Information assets in order to meet its business, legal, regulatory, contractual, resilience, and reputational obligations.
The Bank has aligned its processes and operations to the ISO27001:2022, ISO22301:2019 and ISO20000:2018 standards and PCIDSS requirements to ensure business resilience and secure, excellent service delivery, and is committed to continuous improvement of its processes.
Our Integrated Management System, which consists of the ISMS, BCMS and SMS, is intended to be an enabling mechanism for secure information processing, sharing, storage and electronic operations, to reduce information-related risks to an acceptable level, and to provide a framework to protect assets from unauthorized access, disclosure, alteration, destruction and disruption, ensuring the continuous delivery of services. Security requirements will therefore continuously be aligned with organizational goals.
It is therefore our policy to ensure that:
- Accion Microfinance Bank’s current Strategy, Information Security and the Enterprise Risk Management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through establishment and maintenance of the Integrated Management System, or IMS (ISMS, BCMS and SMS). The Information Security risk assessment, Statement of Applicability and risk treatment plan identify how information-related risks are controlled in alignment with Accion MFB’s risk management strategy.
- Business continuity and contingency plans, data backup procedures, access control to systems, incident management and reporting are fundamental to this policy. All employees of Accion MFB shall have the responsibility of reporting information security breaches and other incidents.
- All employees of Accion MFB and third parties identified in the IMS are expected to comply with this policy. All staff and external parties will receive or be required to provide appropriate training.
- The Chief Information Security Officer (CISO) is the owner of this document and is responsible for ensuring that this policy document is reviewed and approved by the Board at least annually and in the event of relevant changes and/or incidents.
- A current version of this document is available to all members of staff on the Intranet. This policy is issued on a version-controlled basis under the signature of the Board of Accion Microfinance Bank.
- Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prevention and Prohibition Act (Amended) 2024.