Safaricom Achieves Highest Privacy Certification with ISO 27701 Recognition

Safaricom PLC has achieved a major milestone in privacy management, receiving the ISO 27701 Privacy Information Management System (PIMS) certification. This top-level accreditation from the British Standards Institute (BSI) recognizes Safaricom as one of the first mobile network operators in the region to attain this standard, highlighting its dedication to stringent data privacy practices.

Awarded on 16th October 2024, the certification reinforces Safaricom’s commitment to safeguarding customer information across key operations, including customer support, billing services, M-PESA, and data center management.

ISO 27701 is widely regarded as the highest privacy certification available, covering systems that manage data protection responsibilities for both data controllers and processors. Safaricom’s certification came after an extensive review of its privacy protocols, which demonstrated the company’s robust alignment with international regulatory and technical standards.

This certification bolsters Safaricom’s already comprehensive data security measures, adding to its existing ISO 27001 certification for Information Security Management Systems (ISMS) and the Payment Card Industry Data Security Standard (PCI DSS v4.0). Together, these accreditations reflect Safaricom’s commitment to comprehensive data protection for its GSM and M-PESA services, assuring customers of secure and compliant handling of their information.

The rigorous assessment conducted by BSI covered multiple aspects of Safaricom’s privacy management framework, including essential system controls for personal data protection, implementation of Safaricom’s Data Protection Policy, and robust measures ensuring secure handling of customer data.

It also evaluated key systems within the company’s operations, such as the Customer Relationship Management (CRM) system, the IP Contact Centre (IPCC), the Converged Billing System (CBS), and digital platforms like the M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA Business App. These systems are integral to Safaricom’s operations, supporting efficient service delivery while upholding the highest privacy standards.

Peter Ndegwa, CEO of Safaricom, praised the team’s efforts in achieving the certification, stating, “I would like to commend the tireless efforts of our cross-functional teams who made this achievement possible. Attaining the PIMS certification reaffirms our commitment to continually improving our privacy and security measures, providing exceptional service experiences for our customers while ensuring their data is safeguarded.”

Additionally, Safaricom recently upgraded to the latest version of PCI DSS certification, moving from version 3.21 to version 4.0. This enhancement in payment card industry standards further strengthens Safaricom’s commitment to securing financial transactions and customer data, particularly for M-PESA, the largest mobile payment system globally.