INTEGRATED MANAGEMENT SYSTEM POLICY STATEMENT
Access Bank Zambia is committed to improving its information security posture, and the resilience of its operations in the face of unforeseen events and disruptions, as well as ensuring the optimum delivery of financial services.
Access Bank Zambia has implemented and is certified to best practice standards and frameworks which include ISO 22301 (Business Continuity Management System), and ISO 27001 (Information Security Management System). The implementation was conducted by harmonizing all activities together, which resulted in the Integrated Management System (IMS).
As part of its continued growth strategy, Access Bank is focused on mainstreaming sustainable business practices into its operations. We are also committed to the effective implementation, maintenance, and continual improvement of the management systems to support the achievement of our business goals.
Management has outlined the following objectives for the Integrated Management System which the Bank is certified to:
Access Bank Zambia’s Executive leadership is committed to proactively:
- IMS 1- Minimize impacts on stakeholders by protecting all (at least 85%) critical resources through a coordinated IMS approach.
- IMS 2- Minimize loss of revenue by ensuring 99.9% optimal uptime of critical services and product delivery.
- IMS 3- develop and maintain a robust and enduring information security plan that ensures 99% confidentiality, integrity and availability of the critical assets, and continuity response for 100% of the critical areas and the activities identified.
- IMS 4- Exercise and test 90% continuity arrangements and plans to ensure suitability.
- IMS 5- Ensure 100% adherence to regulatory and legal requirements that pertain to Information security, annuall
- IMS 6- Improve skill capability annually by 80% for IMS resources and 100% for critical resources to enable consistent and excellent delivery of products and services.
- Implement the necessary capabilities to ensure the continuity of its critical business functions in the event of a major disruption or disaster, and to ensure the recovery of those critical functions to an operational state within an acceptable timeframe.
- Ensure that Integrated Management System (IMS) objectives are set and that adequate resources are allocated to achieve them. The IMS objectives shall be consistent with business requirements and compatible with the strategic direction of the Bank.
- Obtain ideas for improvement through regular meetings with customers and stakeholders.
- Raise the awareness of all employees and stakeholders to ensure that the benefits of achieving the IMS objectives are understood.
- Ensure that all employees are made aware of and understand the IMS policy, procedures and supporting documentation through training and the provision of information. Compliance will be confirmed because of formal internal audits and management reviews, which will be conducted at least annually.
- Continually improve the effectiveness of the IMS across all areas within scope.
- Enhance current processes to bring them into line with good practice as defined within ISO 27001 and ISO 22301.
- Achieve certification to the Information Security Management System, and Business Continuity Management System and maintain them on an ongoing basis.
- Increase the level of proactivity (and the stakeholder perception of proactivity) about the ongoing management of the IMS.
- Make processes and controls more measurable to provide a sound basis for informed decisions.
This policy is publicly available to all interested parties and is reviewed periodically to take account of applicable local, statutory, regulatory, and customer requirements and any changes in business activity.
This Policy applies to all Bank employees, its contractors, its consultants, and other individuals affiliated with Third Parties who have access to the Bank’s information or business interests.
Lishala C. Situmbeko
Managing Director, Access Bank Zambia