KEBS Managing Director Esther Ngari with Auditor General Nancy Gathungu/HANDOUT
The Kenya Bureau of Standards (KEBS) has lauded the Office of the Auditor General (OAG) for attaining ISO/IEC 27001:2022 certification, marking a historic milestone in the country's push toward global standards in information security and public accountability.
Speaking during the award ceremony, KEBS Managing Director Esther Ngari hailed the achievement as a "powerful statement of leadership and vision" that places the OAG at the forefront of digital governance and data protection in the public sector.
“This certification is far more than a technical milestone — it affirms the Office of the Auditor-General’s commitment to excellence, transparency, and accountability in public service,” Ngari said.
She stated that this demonstrates that the institution is not only meeting but exceeding international benchmarks in safeguarding information assets. ISO/IEC 27001:2022 is the globally recognised standard for Information Security Management Systems (ISMS), designed to help organisations manage the security of sensitive data. ISO stands for the International Organization for Standardization.
It is an independent, non-governmental international body that develops and publishes international standards to ensure quality, safety, efficiency, and consistency across industries and sectors.
It develops voluntary, consensus-based standards across diverse areas, including quality management (ISO 9001), information security (ISO/IEC 27001), environmental management (ISO 14001), occupational health and safety (ISO 45001), as well as food safety, manufacturing, construction, and energy.
For the Auditor General, whose office handles vast volumes of confidential financial and audit records, the certification serves as a critical tool in ensuring data integrity, confidentiality, and availability.
Ngari noted that the certification directly supports key pillars in the OAG’s Strategic Plan, particularly the priorities aimed at boosting credibility, operational efficiency, and stakeholder trust.
“By embedding world-class security controls, the Auditor-General is fortifying its digital infrastructure and strengthening the foundation of national accountability,” she said during the event attended by Auditor General Nancy Gathungu among other senior officers from the office.
"In an age where cyber threats are increasingly complex, this step signals readiness to lead from the front in protecting national data assets.”
Ngari emphasised that certification is not a one-time achievement but a continuous journey requiring vigilance, internal audits, and commitment to improvement-a journey she said KEBS is ready to support.
“As your trusted certification partner, KEBS remains committed to providing ongoing support through annual audits and technical guidance,” she said.
The MD also encouraged the Auditor General to consider adopting ISO/IEC 22301, a business continuity standard designed to help institutions respond effectively to disruptions.
She further invited the OAG to participate in the upcoming 5th Annual ISMS Conference in June 2025.
“This achievement elevates not only your institution but the entire country,” said Ngari.
"It shows that Kenya’s public institutions are future-focused, resilient, and aligned with global best practices.”
