SunTrust Bank Bags ISO and PCI DSS Certifications

April 20, 2018 12:34 am



SunTrust Bank Nigeria Limited has been awarded ISO/IEC 27001:2013 and PCI DSS Certification by PECB Canada, a leading organization in audit management systems and processes.

The certification is the world’s highest accreditation for Information Security Management System (ISMS).

The bank was awarded the ISO/IEC 27001:2013 Certification after undergoing a series of intense implementation exercises and audit processes, which began in October 2017.

Speaking on the award, the Managing Director/CEO of SunTrust Bank Nigeria Limited, Muhammad Jibrin, said: “This certification is proof of our commitment to provide all our participants with maximum protection. This process involved auditing and verification of our Information Security Management System (ISMS) practices by PECB.

“The certification is a clear indication of the strength of our investments in people, process and technology for enhancing the customer experience by improving adequate information security.

“It is the only auditable international standard which defines the requirements to ensure that sufficient security controls are instituted within the certified organization.

The Bank is required to undergo an annual audit review and a three-year re-certification process such that the information security standard is maintained, while Internal Audit will also conduct a bi-annual audit review as part of the requirement.

“The PCI DSS scope comprises the people, processes and technology involved in the storage, processing, and transmission of cardholder data/sensitive authentication data in SunTrust Bank. The scope of the PCI DSS was carefully determined to give SunTrust maximum value. The scope will be reviewed annually to ensure that new changes have not impacted the scope and thus no system which may impact the Card Holder Data Environment is out of scope.”

The PCI DSS scope was determined by reviewing network diagrams, business processes, system components included in or connected to the cardholder data environment (CDE), and associated personnel.

The certification would ensure that the Bank’s business data are secured, boost customers’ confidence by protecting their data, and help the bank avoid fines from regulatory bodies and lawsuits.

David Ibemere and Angel James