Oando Plc has bagged the ISO 27001 certification – an international standard outlining best practices for information security management systems, from the Certification Partner Global FZ LLC.
The energy major announced this in a recent statement, saying it has become the first African oil and gas company to receive the ISO 27001 certification.
Speaking at the certificate presentation ceremony, the Group Chief Corporate Services and Operations Officer, Oando, Mr. Zubairu Muntari, was quoted as saying: “This is a significant achievement for Oando.
“By implementing and following the necessary steps to comply with this standard, we can identify, control, and eliminate security risks, ultimately validating the security practices
adopted within the organisation.
“The certification also means that we are able to provide our stakeholders with a higher degree of confidence in the quality and stability of data security and further validating our commitment to the highest standards of information security.”
According to the statement, the Head of IT, Oando Group, Mr. Idris Musa, who directed the project attributed the success to the commitment by management towards managing business compliance and operational risks associated with the use of information systems and digital assets.
“The investment in ISO 27001 enterprise security framework have allowed us structure and implement modern security controls in a complete and cohesive manner thereby strengthening our data and
information system governance,” Musa said.
Also commenting on the certification, the Chief Operating Officer, Digital Encode Limited, Dr.
Obadare Peter, said: “Essentially, the certification aims to establish and put in place good information security practices across the Oando Group.
“The certification is proof that the
Company’s systems and processes have been audited against international best practice,
positioning Oando as operating to global standards.”
ISO 27001 certification is one of the most widely recognised and internationally accepted
information security standards.
The certification is the global standard for information security management system, part of the ISO/IEC 27000 family of standards published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.
The certification specifies a management system that is intended to bring information security under management control and gives specific requirements.
Organisations that meet the requirements may be certified by an accredited certification body following the successful completion of an audit.