MANAMA, BAHRAIN – 28 January 2014 – Ithmaar Bank, a Bahrain-based Islamic Retail Bank, earned international recognition for its information security processes when it was formally awarded the ISO27001 certification.

The certification process involved a rigorous audit, which was conducted by Bureau Veritas, on the Bank’s Information Security Management System. Lead auditors from Bureau Veritas performed detailed evaluation and assessment across the Bank against the criteria set out by the ISO 27001 standard. Established in 1828, Bureau Veritas is a global leader in Testing, Inspection and Certification services, with operations in more than 140 countries

Ithmaar Bank Chief Executive Officer, Ahmed Abdul Rahim, received the ISO 27001 certificate from the Bureau Veritas Chief Executive for Bahrain, Zulfiqar Haider, at an official ceremony at Ithmaar Bank headquarters.

“The ISO27001 certification is a result of Ithmaar Bank’s focus on adopting and implementing global standards and best practices to ensure the effectiveness, efficiency, confidentiality and integrity of all our day to day IT operations,” said Abdul Rahim. “I congratulate our team for meeting and setting global standards that has been officially recognized through this ISO certification,” he said.

“At Ithmaar Bank, we have always considered our customers’ data to be of vital importance and earning the prestigious ISO 27001 certification confirms just how seriously we take security of this data,” said Ithmaar Bank Head of Information Technology Department, Yousif AlKhan. “This accreditation will further enhance customer confidence and reinforces Ithmaar’s position as a pioneering Islamic retail Bank. It also sets the stage for the launch of new, innovative electronic services for our retail and corporate customers,” he said.

The ISO 27001 standard provides a robust model for information security risk assessment and security design, implementation, and management,” said AlKhan. “With its comprehensive approach, the Standard helps ensure the adoption of appropriate security controls that protect the information of customers and other stakeholders,” he said.

ISO27001 certification requires, for example, that the management systematically examine the Bank’s information security risks, taking account of the threats, vulnerabilities, and impacts; to design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment to address those risks that are deemed unacceptable; and to adopt an overarching management process to ensure that the information security controls continue to meet the Bank’s information security needs on an on-going basis.