Security Policy


The Board and Management of Heritage Bank PLC, located at 143 Ahmadu Bello Way, Victoria Island, Lagos is committed to preserving the CONFIDENTIALITY, INTEGRITY and AVAILABILITY of all the physical and electronic information assets throughout the organisation, in order to preserve its assets, legal, regulatory as well as contractual obligations, compliance and reputation. Information and information security requirements will continue to be aligned with organisational goals and the Information Security Management System (ISMS) is intended to be an enabling mechanism for information processing, sharing, storage, electronic operations and reducing information related risks to an acceptable level.

Heritage Bank is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organisational goals. The Bank has aligned its processes and operations to the ISO27001, ISO22301, ISO20000 standards and PCIDSS requirements to ensure business continuity, cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is therefore our policy to ensure that;
  • Heritage Bank’s current strategy and Information Security and Risk Management framework provides the context for identifying, assessing, evaluating and controlling information-related risks through establishment and maintenance of the ISMS, BCMS and SMS. The Information Security risk assessment, Statement of Applicability and risk treatment plan identify how information – related risks are controlled in alignment with Heritage Bank’s risk management strategy.
  • Business continuity and contingency plans, data backup procedures, access control to systems, incident management and reporting are fundamental to this policy. All employees of Heritage Bank shall have the responsibility of reporting information security breaches and other incidents.
  • IT service management will ensure that IT services are well planned, designed, managed and delivered to derive high-quality IT service standards and maximum utility from IT investments
  • All employees of Heritage Bank and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
  • The Chief Information Security Officer (CISO) is the owner of this document and is responsible for ensuring that this policy document is reviewed and reapproved by the Board at least annually and in the event of relevant changes and/or incidents.
  • Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.