LOTUS BANK

Licensed by CBN

IMS Policy Statement

Integrated Management System Statement

LOTUS Bank is committed to improving its information security posture and the resilience of its operations in the face of unforeseen events and disruptions, as well as ensuring the optimal delivery of quality services. At LOTUS Bank, we are driven by our vision, which is to consistently provide innovative solutions that drive ethical prosperity for all stakeholders.

LOTUS Bank has implemented and is certified to global best practice standards and frameworks which include ISO 22301 (Business Continuity Management System), ISO 27001 (Information Security Management System), and ISO 20000 (Information Technology Service Management System). The implementation was conducted by harmonizing all activities together, which resulted in the Integrated Management System (IMS).

As a forward-looking organization, we are also committed to the effective implementation, maintenance, and continual improvement of the management systems to support the achievement of our business goals.

Management has outlined the following objectives for the Integrated Management System (IMS) and for the standards and regulations to which the Bank is certified and with which it complies:

ISO 22301 - Business Continuity Management System Objectives
  • Ensure that the Bank has a workable continuity plan that will enable acceptable standards of service to be provided to business-critical groups within defined and agreed timescales.
  • Ensure that business continuity risks are identified, assessed, and treated consistently across the Bank.
  • Ensure 90% testing of all business continuity plans annually.
  • Ensure 100% completion of Business Impact Analysis (BIA) determining recovery resource requirements for critical/scoped processes and functions.
  • Ensure a fit-for-purpose IT service continuity capability is in place for critical systems and applications providing 95% uptime for supporting business functionality.
  • Protect staff and stakeholder interests, giving due importance to the safety of people.
  • Ensure 100% compliance with Business Continuity policies and applicable legislation, regulations, and contractual obligations.
ISO 20000 - Information Technology Service Management System Objectives
  • Ensure 95% of service requests and incidents are resolved within SLA.
  • Achieve a 90% average level of customer satisfaction in IT services and solutions.
  • Ensure the availability and continuity of IT services.
ISO 27001 - Information Security Management System Objectives
  • To ensure 95% confidentiality, integrity, and availability of customers' data and the bank's information assets.
  • To ensure that 90% of employees and contractors are aware of and fulfill their information security responsibilities.
  • To achieve 90% optimization of security solutions by deploying cost-effective tools and avoiding similar purchases of security tools.
  • To attain 100% compliance with legal, statutory, regulatory, and contractual obligations that pertain to information security.
LOTUS Bank’s Executive leadership is committed to proactively:
  1. Support the implementation of necessary capabilities to ensure the continuity of its critical business functions in the event of a major disruption or disaster, and to ensure the recovery of those critical functions to an operational state within an acceptable timeframe.
  2. Support the development of the Business Continuity Capability as a strategic asset with adequate resources and capabilities, including approving an appropriate budget where necessary to achieve the required Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
  3. Ensure that Integrated Management System (IMS) objectives are set and that adequate resources are allocated to achieve them. The IMS objectives shall be consistent with business requirements and compatible with the strategic direction of the Bank.
  4. Support the achievement and maintenance of compliance with ISO 27001, ISO 20000, ISO 22301, the Payment Card Industry Data Security Standard (PCI DSS), and the Nigeria Data Protection (NDP) Act 2023.
  5. Review service level metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data and customer feedback.
  6. Obtain ideas for improvement through regular meetings with customers and stakeholders.
  7. Raise the awareness of all employees and stakeholders to ensure that the benefits of achieving the IMS objectives are understood.
  8. Ensure that all employees are made aware of and understand the related policies, procedures, and supporting documentation through training and the provision of information.
  9. Confirm compliance through formal Internal Audits and management reviews, which will be conducted at least annually.

This policy is publicly available to all interested parties and is reviewed periodically to take account of applicable local, statutory, regulatory, and customer requirements and any changes in business activity.

This Policy applies to all Bank employees, its contractors, its consultants, and other individuals affiliated with Third Parties who have access to the Bank’s information or business interests.
