PenCom Attains ISO 27001:2013 Certification For ISMS

PRESS RELEASE—The National Pension Commission at the weekend said it has attained ISO 27001:2013 Certification For
Information Security Management System (ISMS).

This was disclosed by the commission’s media department, that ISMS provides a systemic approach to effectively manage the risks associated with an organization’s information assets by using well defined processes, technology and people.

The commission added that the ISMS of the commission was designed to achieve the ISO 27001:2013 Standard, which is an internationally recognized set of information security standards that govern the security of information assets such as intellectual property, financial information, employee information, as well as information entrusted by third parties.

The Standards,the commission said are published by the international Organization for Standardization (ISO)and the International Electrotechnical Commission (IEC).

The Commission had been evaluated by the Professional Evaluation and Certification Board (PECB) in all core areas of its operations and its ISMS was certified to be in compliance with the ISO 27001:2013 Standard in all the core areas of its operations.

Accordingly, the Certificate of Compliance was issued to the Commission on 8 January 2021.

As the regulator of the Nigerian pension industry and custodian of National Databank on pension matters in the country, this certification is an important demonstration of the Commission’s commitment to the highest standards of confidentiality, integrity and availability of data on contributors, retirees and stakeholders in the pension industry.

It is also an affirmation that the Commission had put in place, business controls and management processes to safeguard its information assets from threats and vulnerabilities.

It further recognized the Commission’s
implementation of an effective information security system that complies with one of the most stringent international standards in the identification, evaluation and effective management of the risks associated with its information assets.