A large number of banks – around 50 to 80 per cent – in the UAE do not have global security standards in place to manage and protect information assets of their clients, according to global management systems and certification solutions institutions.
Less than a quarter – around 20 per cent – of banks in the UAE comply with the International Organisation for Standardisation's (ISO) requirements to protect the personal data and information system of their customers, said Omar Rashid, Sales and Marketing Manager, Middle East and Africa at British Standards Institution.
Ahmad Al Khatib, GM at BSI, told Emirates Business: "In the UAE, less than 50 per cent of banks have so far applied for the ISO 27001:2005 certification. Interest in the certification has increased only in the past couple of years and therefore there is a long way to go. RAK Bank has had ISO 27001 certification for some time and a number of other local banks are now interested. The MNC banks have been certified at their head offices and tend to comply under the same IT framework."
ISO:27001 is an information security standard that helps a financial organisation to manage and protect information assets.