The Office of the Auditor-General (OAG) has attained the ISO/IEC 27001:2022 certification, marking a significant milestone in its efforts to strengthen information security, institutional efficiency and public trust.
Awarded by the Kenya Bureau of Standards (KEBS), the certification affirms OAG’s commitment to managing sensitive data in accordance with globally recognised standards. The ISO/IEC 27001:2022 Standard is the international benchmark for Information Security Management Systems (ISMS), providing a structured framework for securing information assets, managing risk and enhancing operational resilience.
Speaking during the award ceremony, Auditor-General FCPA Nancy Gathungu, CBS, underscored the certification’s role in reinforcing accountability in public service.
“This achievement demonstrates our dedication to safeguarding audit information and supporting the pillars of transparency and accountability outlined in our Strategic Plan. It is a critical step in enhancing public confidence in our systems and processes”, she said.
The ISO/IEC 27001:2022 Standard enables organisations to identify and mitigate security risks, protect data integrity and ensure business continuity in the face of potential disruptions. For the OAG, which manages large volumes of confidential audit and financial records, the certification highlights a proactive approach to data protection and institutional governance.
Esther Ngari, Managing Director of the Kenya Bureau of Standards (KEBS), congratulated the OAG, describing the achievement as a strong example of leadership in public sector digital transformation. She emphasised that certification is not a one-time achievement but part of a continuous improvement process that involves regular audits, management reviews, and sustained commitment.
“The journey to ISO certification is commendable, but maintaining it is even more critical. KEBS remains committed to supporting you through ongoing technical guidance and annual evaluations,” she said.
The certification positions the Office as a benchmark for other public institutions seeking to align with international best practices. It also supports the implementation of the Data Protection Act, 2019, by embedding robust security protocols and compliance mechanisms within the Office’s operations.