A leader in the fast-moving consumer goods (FMCG), Flour Mills of Nigeria Plc, recently passed the PECB ISO 27001certification audit for its information technology (IT) and cybersecurity framework and policies.
This certification has placed Flour Mills of Nigeria PLC as the foremost Nigerian firm in the FMCG sector to be presented with such a certification. ISO 27001 (Information Security Management System) is the most recognised international standard for information security management for any organisation globally. It provides clear processes for effective implementation and continuous mitigation to data/security breaches for any organisation. This certification has placed Flour Mills of Nigeria PLC as an organisation that is in line with the global best practices when it has to do with cybersecurity and data breaches.
The PECB ISO 27001 Certification was facilitated by Nigeria’s cybersecurity firms, Kecam Technologies Limited and DataSixth CyberSecurity Limited. These firms in line with an internationally recognised audit firm conducted a series of interviews, ensured that the right implementation was in place and also guided the organization to achieve the PECB ISO/27001 certification.
On the importance of the certification, the group managing director/CEO, Flour Mills of Nigeria Plc, Omoboyede Olusanya, said: “We appreciate this certificate and the credit should go to the team that ensured that this happened. This is a document that shows that we have done something and we are very particular in the areas of cybersecurity. We are desirous to build a world-class organisation. It is a process that is ingrained, there is a continuous stride that we have here. We will keep improving.”
Speaking to the media, the group head, information technology (IT), Flour Mills of Nigeria PLC, Serge Yao, said: “This certification brings reassurance to the business’ cybersecurity posture. It proves that we have a well-defined system to handle cyber-attacks and cybersecurity. This certification testifies that FMN takes seriously the confidentiality of information asset and IT risks controlled (financial loss and damage to reputation are mitigated). We started our cybersecurity programme 14 months ago; the organisation was engaged and I want to thank the FMN leadership team for the continuous support. It has been a transformational journey for all our employees toward cybersecurity. Weak areas were exposed and rectified. Globally, targets for cyber-attacks have shifted toward manufacturing firms; so, we must mitigate IT risks and potential damage. We are the first indigenous FMCG to be certified and many more will follow for sure. This is a beginning and we will continue to follow the best practices and ensure that we have our recertification next year.”
On the importance of certification, the chief executive officer, Kecam Technologies Limited, an indigenous cybersecurity company in Nigeria, Bonny Mekwunye, said: “About 10.5 trillion dollars will be the cost of cybercrime by the year 2025. Basically, this means that many organisations will be exposed to cyber-attack, organisations must start thinking how to build their cyber security frameworks such as people, processes and technology.
“This is where ISO certification comes in. This is a globally recognised body designed for organisations that are desirous and serious to look into their cyber security processes. Flour Mills Nigeria PLC has seen the relevance to protect their digital infrastructure and we were invited to provide a consulting service with our other partner which is DataSixth CyberSecurity Limited. This certification means that they are globally recognised in data security, just like other big firms in the world.”
In her comments, the country manager, DataSixth CyberSecurity Limited, Happiness Obioha, said: “This certification is all about data security for the organisation and the need to have a round-the-clock continuous protection. This is a bold step for Flour Mills of Nigeria PLC. There is cyber resilience and they are sure that their critical infrastructure is protected. This certification demonstrates that the organisation is digitally inclined and equal to the task in the area of cybersecurity. This certification will build a lot of morale, trust and confidence for the organisation and its stakeholders.”
The ISO 27001 is a globally accepted certification for organisations desirous of strengthening the IT and cybersecurity frameworks. It uses a top-down, risk-based approach and, most times, is technology-neutral. The approach mostly is in six phases such as the organisation’s security policy, the scope of their information security management system, risk assessment, how they manage identified risks, how objectives and controls are implemented and statement of applicability.
