Mwalimu Mobile Banking
Data Protection and Management
In order to ensure the protection of information in custody and sensitive data, the following should apply to Mwalimu Commercial Bank Plc staff and contractors: –
- Any Mwalimu Commercial Bank Plc data that is kept on removable media such as external hard drives and flash disks should be protected by password or encryption. This applies to other mobile devices that have Mwalimu Commercial Bank Plc data (they should be password protected).
- All Confidential Information and data should always be encrypted when stored or during o Mwalimu Commercial Bank Plc, unless it’s in line with his/her job role and responsibility. Where there is doubt, the relevant management should be contacted for clarification.
- Information collected, owned and/or controlled by Mwalimu Commercial Bank Plc during the cause of business should not be disclosed to outside people, party, or organizations unless there is authorization from bank management. This include directors & employees’ information, customer details, vendor/partner/third-party details that is in custody of Mwalimu Commercial Bank Plc.
- No unauthorized copies or duplication is allowed unless it is for Mwalimu Commercial Bank Plc business activities.
- The country laws related to data protection should be observed all the time unless directed otherwise by relevant country authority.
- Users with Laptop should store minimum quantity of Mwalimu Commercial Bank Plc information on local storage and they should ensure that there is a backup kept in the shared drives.
- Users other than laptop users, are prohibited from storing company information on local drives in order to preserve storage space and to prevent the loss of files and confidential information in the case of a hardware failure or theft
Information Security and Protection
Information security and protection is critical to Mwalimu Commercial Bank Plc in order to preserve: –
Confidentiality – Access to programs and data shall be confined to those with appropriate authority.
Integrity – Information shall be complete and accurate. All systems, assets and networks shall operate correctly, according to specification.
Availability – Information shall be available and delivered to the right person, at the time when it is needed
Mwalimu Commercial Bank Plc, will take all appropriate measures to protect the systems, information and data of the company through various measures, including but not limited to; physical access to computer/laptop machines, the assignment of unique user IDs and passwords and relevant access privileges to the users based on job roles and responsibilities, the logging and monitoring of user activities on authorized systems and networks, the installation of security protection and monitoring systems that includes firewalls & anti-virus software.
All users (employees, contractors, partners, support teams, etc.) granted access to Mwalimu Commercial Bank PLC network, systems and data are responsible for Information and security as specified hereunder: –
- All Mwalimu Commercial Bank Plc system users are responsible for their use or misuse of confidential information. The users should not in any way disclose, copy, release, sell, loan, review, alter or destroy any information except it has been authorized properly and within their scope of professional responsibilities. No unauthorised copies of Mwalimu Commercial Bank Plc information, policies, procedures or any intellectual property or material should be allowed to produce. Appropriate and suitable measures should be taken to protect confidential information wherever they are located and in any form.
- Staff and contractors (users) must protect/safeguard any physical key, alarm code, ID card or computer network account that in their possession and allows access to confidential information. Care should be taken when creating pins or password and avoid using common ones that can be easily traced.
- Where there are suspicious activities that might lead to compromise confidential data and/or information, effort should be established to report the incident to supervisor, line manager or head of department.