Safaricom PLC has been awarded the ISO 27701 Privacy Information Management System (PIMS) certificate following audit by the British Standards Institute (BSI).

This is the highest certification an organisation can attain in management of privacy information systems, as a data controller or processor.

The certification was issued on 16th October 2024 after assessing Safaricom’s levels of implementation of customer support, billing services, M-PESA and data centre operations.

It serves as a validation of Safaricom’s dedication to safeguarding customer data across its GSM and M-PESA services. It also confirms that the company adheres to globally accepted regulatory and technical standards in the implementation of privacy management systems.

This milestone complements Safaricom’s existing certifications in Information Security Management Systems (ISO 27001 – ISMS) and the Payment Card Industry Data Security Standard (PCI DSS version 4.0).

Read also: Safaricom’s value to Kenya jumps 8% to Sh983Bn

The assessment conducted by BSI took into account various critical elements related to Safaricom’s operations, including effective system controls for the protection of personal information, implementation of relevant policies including the Data Protection Policy.

Other areas covered included crucial systems such as the Customer Relationship Management (CRM), IP Contact Centre (IPCC), Tibco, Converged Billing System (CBS), Voucher Management System (UVC), M-PESA G2, M-PESA Statement Portal, M-PESA Super App, MySafaricom App, and the M-PESA business App.

“Attainment of the PIMS certification reaffirms our ongoing commitment to continuously improve our privacy and security measures, ensuring we provide exceptional experiences for our customers while safeguarding their private information,” said Peter Ndegwa, CEO, Safaricom.

Additionally, the company recently achieved the latest and highest level of PCI DSS Certification (upgraded from v3.21 to v4.0).