Safaricom PLC has been awarded the ISO 27701 Privacy Information Management System certificate. This prestigious certification was granted after a comprehensive evaluation by the British Standards Institute (BSI). The certification was issued on October 16th, 2024 after assessing Safaricom’s levels of implementation of customer support, billing services, M-PESA, and data centre operations. This is the highest certification an organization can attain in the management of privacy information systems, as a data controller or processor.
This serves as a validation of Safaricom’s dedication to safeguarding customer data across its GSM and M-PESA services. It confirms that the company adheres to globally accepted regulatory and technical standards in the implementation of privacy management systems.
This milestone complements Safaricom’s existing certifications in Information Security Management Systems (ISO 27001 – ISMS) and the Payment Card Industry Data Security Standard (PCI DSS version 4.0)
The assessment conducted by BSI took into account various critical elements related to Safaricom’s operations, including effective system controls for the protection of personal information, implementation of relevant policies including the Data Protection Policy.
Other areas covered included crucial systems such as the Customer Relationship Management, IP Contact Centre, Tibco, Converged Billing System, Voucher Management System, M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA business App.
“I would like to applaud the dedicated cross-functional teams whose tireless efforts have made this achievement possible. The attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information,” said Peter Ndegwa, CEO of Safaricom in a press statement.
