Housing Finance Bank Information Security Statement
Housing Finance Bank (HFB) has developed an Information policy in alignment to ISO/IEC 27001:2022 and international best practices. This demonstrates the Bank’s commitment to protecting customer, staff, and business information against evolving cyber and privacy threats.
The Bank’s commitment to safeguarding information through the protection of Confidentiality, Integrity, and Availability (CIA), while also addressing broader aspects of cybersecurity and privacy protection. The scope covers all activities relating to the processing, transmission, and storage of sensitive Bank and customer information.
Context and Commitment
As technology continues to evolve and reshape the financial services sector, Housing Finance Bank recognizes that technology is a critical enabler of business growth, innovation, and customer service delivery. The Bank is therefore committed to ensuring that all information systems, corporate networks, and technology resources are protected against unauthorized access, misuse, cyberattacks, and disruptions, while maintaining resilience and trust in our services.
Housing Finance Bank shall:
- Establish and maintain risk-based information security, cybersecurity, and privacy controls aligned with ISO/IEC 27001:2022.
- Identify, monitor, and address risks and opportunities relevant to the Bank’s operations and stakeholders.
- Periodically review and update operational and security procedures across all business functions.
- Comply with all applicable statutory, regulatory, and contractual obligations.
- Promote security awareness and training for staff, interns, service providers, third-party contractors, and system end-users.
- Manage and control access to business applications, systems, and services.
- Ensure effective incident management and response, supported by continuous improvement of detection and response capabilities.
- Manage and control remote working, mobile access, and teleworking sessions securely.
- Maintain and test Business Continuity and Disaster Recovery Plans to ensure resilience and security continuity.
- Ensure that supplier and third-party engagements are governed by contractual security obligations, NDAs, and appropriate technical and organizational controls.
- Securely manage and dispose of all data storage media in line with applicable data protection and privacy requirements.
- Safeguard information through the effective use of cryptographic and data protection technologies.
- Continuously improve the policy through measurable objectives, audits, management reviews, and performance monitoring.
Management Commitment
Housing Finance Bank Management is committed to:
- Meeting applicable legal, regulatory, and contractual requirements.
- Ensuring the continual improvement of the Information Security Policy.
- Integrating information security, cybersecurity, and privacy protection into business processes and decision-making.
Communication
This policy shall be communicated to internal staff and external interested parties (as defined in Section 4.2 of the ISO/IEC 27001:2022 Standard) through:
- Publication on the Housing Finance Bank website,
- Official internal channels (e.g., email, awareness sessions), and
- Shared with relevant external parties (e.g., regulators, suppliers, contractors) as part of contractual or regulatory requirements, alongside applicable Non-Disclosure Agreements (NDAs).
Any revisions to the Information Security policy shall be communicated promptly to all relevant stakeholders.
Housing Finance Bank Management
Michael Mugabi
Chief Executive Officer
