1. Home
  2. Industry News
  3. Safaricom Receives Top Privacy Certification for M-PESA and Data Operations
Industry News

Safaricom Receives Top Privacy Certification for M-PESA and Data Operations

  • BY waceke
  • October 29, 2024
peter ndegwa safaricom CEO

In a significant milestone, Safaricom PLC has been awarded the prestigious ISO 27701 Privacy Information Management System (PIMS) certification by the British Standards Institute (BSI). This achievement follows a comprehensive evaluation process, making Safaricom the highest certified organization in Kenya in terms of managing privacy information systems as a data controller or processor. The certification, issued on 16th October 2024, is a testament to Safaricom’s commitment to protecting customer data and maintaining privacy in its services.

The ISO 27701 standard is globally recognized as the highest standard for Privacy Information Management Systems. It provides a framework for organizations to establish, implement, maintain, and continually improve their systems to manage personal information securely. Safaricom’s certification signifies that the company adheres to these globally accepted regulatory and technical standards, ensuring that its data management systems protect customers’ privacy across its services.

The certification process involved a thorough assessment of Safaricom’s implementation levels across various customer support, billing services, M-PESA, and data center operations. The British Standards Institute (BSI), a leading global standards body, conducted the evaluation. BSI scrutinized key aspects of Safaricom’s operations, focusing on critical elements such as:

  • Effective System Controls: The evaluation examined the effectiveness of system controls implemented to protect personal information from unauthorized access, misuse, or breaches.
  • Implementation of Relevant Policies: Safaricom’s Data Protection Policy was a core area of focus, demonstrating the company’s proactive approach in establishing policies that align with global privacy standards.
  • Privacy and Security Measures: The assessment also reviewed Safaricom’s privacy and security measures within its systems and platforms.

BSI’s rigorous evaluation covered several of Safaricom’s crucial systems and digital platforms, ensuring that each met the required privacy and security standards. These systems included:

  • Customer Relationship Management (CRM): This system manages Safaricom’s customer data and interactions.
  • IP Contact Centre (IPCC): A platform handling customer support operations.
  • Tibco: An enterprise-level integration and analytics platform.
  • Converged Billing System (CBS): The central system for customer billing.
  • Voucher Management System (UVC): A system managing customer vouchers.
  • M-PESA G2 and Statement Portal: Platforms related to the popular M-PESA mobile money services.
  • M-PESA Super App, MySafaricom App, and M-PESA Business App: Applications providing a range of financial services to customers and businesses.

Speaking on the milestone, Peter Ndegwa, CEO of Safaricom, commended the collaborative efforts that led to this achievement. He emphasized Safaricom’s dedication to continually improving privacy and security measures to create exceptional customer experiences.

“I would like to applaud the dedicated cross-functional teams whose tireless efforts have made this achievement possible. The attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information,” Ndegwa remarked.

The ISO 27701 certification is a valuable addition to Safaricom’s existing suite of industry-standard certifications. Previously, the company earned recognition through the ISO 27001 certification for Information Security Management Systems (ISMS) and the Payment Card Industry Data Security Standard (PCI DSS version 4.0). These certifications underscore Safaricom’s holistic approach to data security and privacy, ensuring that it meets the highest global benchmarks.

By obtaining the ISO 27701 certification, Safaricom has solidified its position as a leader in privacy management in the telecommunications and financial services sectors. The certification assures customers that their personal information is handled in accordance with globally accepted best practices.

As digital services continue to evolve and expand, safeguarding personal information has become increasingly critical. Safaricom’s proactive measures, reflected through its privacy policies and controls, highlight its commitment to protecting customers’ private information while delivering seamless services across its GSM and M-PESA platforms.

Key Takeaways

  1. Safaricom PLC has been awarded the ISO 27701 Privacy Information Management System (PIMS) certification, establishing it as the highest certified organization in privacy management systems in Kenya.
  2. The certification was issued by the British Standards Institute (BSI) after a comprehensive evaluation of Safaricom’s customer support, billing services, M-PESA, and data center operations.
  3. Safaricom’s privacy measures extend across key systems, including CRM, IPCC, Tibco, CBS, UVC, M-PESA G2, and the company’s suite of mobile apps.
  4. The certification complements Safaricom’s existing certifications in Information Security Management Systems (ISO 27001) and Payment Card Industry Data Security Standard (PCI DSS version 4.0).
  5. Peter Ndegwa, CEO of Safaricom, reiterated the company’s commitment to continuous improvement of its privacy and security measures to provide exceptional customer experiences.

Safaricom’s achievement of the ISO 27701 certification marks a significant milestone in its journey toward ensuring the highest standards of data privacy and security. As the digital landscape evolves, customers can be confident in Safaricom’s dedication to safeguarding their personal information, backed by internationally recognized standards.