Safaricom PLC has been awarded the ISO 27701 Privacy Information Management System (PIMS) certificate.
This prestigious certification was granted after a comprehensive evaluation by the British Standards Institute (BSI). This is the highest certification an organisation can attain in management of privacy information systems, as a data controller or processor.
The certification was issued on 16th October 2024 after assessing Safaricom’s levels of implementation of customer support, billing services, M-PESA and data centre operations. This serves as a validation of Safaricom’s dedication to safeguarding customer data across its GSM and M-PESA services.
It confirms that the company adheres to globally accepted regulatory and technical standards in the implementation of privacy management systems.
This milestone complements Safaricom’s existing certifications in Information Security Management Systems (ISO 27001 – ISMS) and the Payment Card Industry Data Security Standard (PCI DSS version 4.0) The assessment conducted by BSI took into account various critical elements related to Safaricom’s operations, including effective system controls for the protection of personal information, implementation of relevant policies including the Data Protection Policy.
Other areas covered included crucial systems such as the Customer Relationship Management (CRM), IP Contact Centre (IPCC), Tibco, Converged Billing System (CBS), Voucher Management System (UVC), M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA business App.
“I would like to applaud the dedicated cross-functional teams whose tireless efforts have made this achievement possible. The attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information,” said Peter Ndegwa, CEO, Safaricom. C2 – Safaricom Internal Additionally, the company recently achieved the latest and highest level of PCI DSS Certification (upgraded from v3.21 to v4.0).