LPBank Achieves ISO/IEC 27001:2022 Certification and PCI DSS v4.0.1 Assessment Completed

LPBank, the Lộc Phát Việt Nam Joint Stock Commercial Bank (LPBank), has achieved ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS) issued by the British Standards Institution (BSI) and completed an assessment under PCI DSS v4.0.1. The bank said the results reflect its governance capabilities and compliance with international information security standards.

ISO/IEC 27001:2022 certification and independent assessment

ISO/IEC 27001:2022 is the latest version of the international standard for information security management. It sets stringent requirements for establishing, operating, and continuously improving an ISMS to identify, control, and mitigate information security risks in a complex digital environment.

BSI’s independent assessment was implemented across LPBank’s systems, from core banking infrastructure to digital platforms and customer data systems. LPBank said the assessment results show it has built effective controls to protect information flows and important transactions within a multi-layer security architecture.

The bank noted that completing the transition and achieving certification in ISO/IEC 27001:2022 demonstrates proactive efforts to raise security standards and reinforces its commitment to protecting information assets and maintaining customer trust.

“We highly value LPBank's systematic approach and long-term orientation in integrating risk governance, internal controls and technology to protect data in a constantly evolving digital environment. This foundation helps the organization enhance cyber resilience and maintain customer trust.”

According to LPBank, building and operating an internationally standardized governance system typically takes at least six months. However, with decisive leadership and coordinated execution, the bank shortened the timeline to three months.

PCI DSS v4.0.1 assessment for card payments security

LPBank also completed the PCI DSS v4.0.1 assessment. ControlCase, an independent security assessment organization, issued a Letter of Comfort confirming that LPBank’s card processing system meets the strict compliance requirements and is in the process of obtaining the official certificate.

The bank said compliance with PCI DSS v4.0.1 is intended to increase the rate of blocking suspicious transactions, support the expansion of diverse card services, and enhance customer experience through safe and fast payments, particularly for online card transactions.

LPBank stated that its card infrastructure and operating processes meet all 12 core requirements of PCI DSS v4.0.1, including establishing secure networks, encrypting card data across the lifecycle, implementing strict access controls with multi-factor authentication (MFA), and operating 24/7 security monitoring.

“In the context of rapid digital transformation, information security is not only a technical requirement but a foundational platform to enhance customer experience, strengthen trust, and realize LPBank's customer-centric orientation.”

Digital banking expansion with a security-first approach

LPBank said it has launched the new generation digital banking app, LPBank Plus, described as AI-first and integrating artificial intelligence into the transaction experience. The app is built around three core values—Simple, Smart, and Safe—and operates on a multi-layer security model complying with international standards, including ISO/IEC 27001:2022.

The bank said strengthening its security foundation and developing digital products supports its goal of becoming a modern digital bank, where technology and information security together deliver a trusted financial experience for customers.