/
Information Security Management at OnePipe Limited

Information Security Management at OnePipe Limited

Last Updated: 26 October 2025

At OnePipe Limited, protecting information assets, maintaining the trust of our partners, and ensuring uninterrupted financial services are at the heart of our operations.

To achieve this, we have established an Information Security Management System (ISMS) aligned with the ISO/IEC 27001:2022 standard and supported by our leadership, employees, and technology partners.

Our Commitment to Information Security

We are committed to maintaining, monitoring, and continually improving our information security management system to protect the confidentiality, integrity, and availability of information entrusted to us.

Our ISMS is designed to exceed the expectations of our stakeholders, including customers, financial institutions, regulators, and service partners, while meeting all applicable legal, regulatory, and contractual obligations under:

  • The Central Bank of Nigeria (CBN) IT Standards Blueprint (v2.1)

  • The Nigeria Data Protection Act (NDPA 2023)

  • The Payment Card Industry Data Security Standard (PCI DSS)

  • Other relevant national and international standards applicable to our business.

Our Information Security Policy Statements

To uphold this commitment, OnePipe shall:

  1. Safeguard information assets from unauthorized access, alteration, disclosure, or destruction.

  2. Preserve the confidentiality, integrity, and availability of data processed, stored, or transmitted within our systems and by our partners.

  3. Ensure compliance with all applicable legal, regulatory, and contractual requirements, particularly those relevant to the fintech and payment ecosystem.

  4. Continuously assess and manage information security risks, ensuring that appropriate controls are implemented and effective.

  5. Respond swiftly and effectively to security incidents, minimizing potential impact and maintaining business continuity.

  6. Maintain ongoing awareness and training, ensuring all personnel understand their roles and responsibilities in safeguarding information.

  7. Establish and review measurable information security objectives, aligned with the organization’s strategic direction and business goals.

  8. Drive continual improvement of the ISMS and its supporting processes through regular monitoring, internal audits, and management reviews.

Leadership and Governance

Our leadership provides clear strategic direction, ensures the allocation of adequate resources, and fosters a culture of security across all departments. The Information Security Steering Committee and Information Security Manager are responsible for oversight of the ISMS, ensuring that information security remains embedded in our corporate governance structure.

All employees, contractors, and third-party service providers are required to comply with OnePipe’s security policies and procedures, and to actively contribute to maintaining the confidentiality, integrity, and availability of information assets.

Continuous Improvement

Information security is not a one-time activity. it is a continuous process of learning, adaptation, and improvement.
We conduct regular risk assessments, internal audits, and reviews to identify opportunities for enhancement, strengthen our resilience, and ensure that our ISMS continues to support the evolving needs of the business and our stakeholders.

Conclusion

At OnePipe, information security is more than a compliance requirement — it is a fundamental part of our trust framework. We are committed to maintaining a secure, resilient, and transparent financial technology ecosystem that enables confidence for our customers, partners, and regulators.