Last Updated- Apr 7, 2009 8:04 - - 0 Comments


Bank of Ghana repositioned to maintain banking standards

bank-of-ghanaThe of Ghana has come out as having one of the most efficient information security management systems in the world, yet another feat that establishes the bank as a credible institution in its operations.

Having passed the information technology and management systems audit in compliance with the International Organisation for Standardisation/International Electrotechnical Commission (ISO/IEC 27001:2005), which demonstrates credibility, trust and confidence, the central bank is re-positioned and beaming with unsurpassed confidence in dealing with its cus­tomers, partners and the country’s financial sys­tem.

This should provide a great sense of security and confidence in the bank’s dealings with its part­ners, a view shared by the governor, Dr. Paul Acquah.

“This strengthens our authority to supervise the market. If we are ISO certified we can discuss issues relating to systems of the sector with confi­dence and insist with rigorous requirements on control system,” Dr Acquah told the Daily Graph­ic, as he threw more light on the significance of the certification the central bank has just obtained.

The quest for management and the governor’s personal concern to assess the authenticity of the current system and assess the risks associated with migration into a highly integrated information management and security system, underline the step to go in for the audit of the information asset which began in July 2008, leading to the certifica­tion last week.

The ISO/IEC 27001:2005, is the world’s high­est accreditation, for information protection, and security, and has instantly made the central bank the first African central bank to receive such a high testimonial. ISO 27001 is the only auditable inter­national standard which defines the requirements to ensure that sufficient security controls are insti­tuted within the certified organisation.

The BoG has thus joined the ranks of the World Bank and the International Monetary Fund (IMF) as well as a small group of central banks, including the Federal Reserve Bank of New York, Reserve Bank of India, Bank of Indonesia, and Bank of Taiwan that have attained the prestigious status.

The bank also acknowledges how the certifica­tion constitutes grounds to guarantee that the bank would continue in business going forward and was not threatened by any internal or external risks to its operations, There are 5,206 institutions globally that hold the certification; with half of those being in Japan and the rest in advanced countries and emerging markets for a certification that borders on the totality of how secure the BoG’s operations were, it took cognisance of how the bank manages and handles its’ documents, its staff conducts and behaviour within the framework that information and documentation at their disposal should be handled with utmost confidence, how information was handled “right down to its physical security infrastructure which included installing appropriate and robust security systems to protect the bank systems from unauthorised penetration and hacking.

The certification is therefore significant to the regulator of the financial system due to the high sensitivity of issues and the confidentiality require­ments of the sector. In effect, the BoG just acquired a sharper set of teeth to bite hard and ensure that banks in the country also went in for more secure and modern information management systems.

“This ISO certification was to ascertain how protected the system is from attack and to establish that its integrity is full-proof,” the Governor said. .

One of the greatest assurances of the certifica­tion, which also took account of the system’s anti­virus regime, is to the partners and customers of the bank as well as the financial sector that they could deal with the central bank with absolute con­fidence, as the audit has established that the central bank’s systems are not vulnerable to attack or default.

The Bank of Ghana information management system has an adequate and efficient back-up sys­tem, including by the minute recording of image, and the building of an audit trail along the information management processes.

Interestingly, the robust system in place has also enabled the BoG to link up relevant ministries, departments and agencies (MDAs) through the Ministry of Finance and Economic Planning, for internet banking which facilitates government business.

For Dr Acquah the signaling for increased security of the bank began way back in 2002 when beefing up of the physical security infrastructure started. Hitherto, people passing by the central bank could see through to the offices and even observe working staff at close range: This was not good enough for the safety of workers.

Dr Acquah said since 2005, the formal process to modernise its information security systems took on a higher gear with the implementation of IMPACT 05, as part of a response to a needs assessment for a modem central bank.

IMPACT 05, coined from the phrase Integrat­ing and Modemising Processes to Achieve Contin­uous Transformation was launched on February 10, 2005 to improve the effectiveness and efficiency of methods of working within the bank with the overall objective of helping the banks’ regulator to achieve its vision of becoming a world-class central bank.

The project – which cuts across systems and technology; work method and processes; struc­tures; roles and responsibilities; new skills, and organisational culture change – was also to eliminate unnecessary work processes and waste so as to speed up current work and improve information and service delivery.

Dr Acquah explained that IMPACT 05 finally helped the central bank to achieve a fully networked, automated and integrated information technology (IT) infrastructure that responded to the needs of all stakeholders. However, the final aspects of the bank’s system were launched in – 2007 alongside the re-denomination exercise which required increased security.

A member of staff provided the operative word “IMPACT” for the project during a competition.

ISO 27001 is the only auditable international standard which defines the requirements to ensure that sufficient security controls are instituted with­in the certified organisation.

Not only will the august certification expose the BoG to additional annual scrutiny of its infor­mation security management system, it will also subject it to yearly reviews for it to maintain the priced ISO 27001 certification.

“Maintaining the certification requires an annual review and three year re-certification in the continual scrutiny of Bank of Ghana’s information security management system in a manner that aims, to provide confidence to clients and the public as a whole that the bank’s data is protected on an ongo­ing basis,” the BoG said in a statement.

The certification is an endorsement that the central bank has addressed, implemented and con­trolled the security of the bank’s information and in effect means that the BoG’s management infor­mation and systems are secure to ensure the integrity of data sent out, as well as data received in a manner that significantly limits security and privacy breaches.

“The certification establishes that relevant laws and regulations are being met, especially in line with the BoG’s mandate of ensuring an effective banking system in the country,” the statement added.

Lloyds Register Quality Assurance (LRQA), an independent assessment company in the United Kingdom, carried out the certification audits to ensure that the BoG’s information security controls were compliant to what the ISO conformity regime considered secure. LRQA UK is regarded as one of the few companies in the world to perform ISO 27001 audits.

Source: Daily Graphic

Email This Post Email This Post | Print This Story Print This Story

Comments

Got something to say?