
Grupo Bancolombia



Cybersecurity


Cybersecurity committee strategy

  • Bancolombia continuously seeks to improve its capacity to govern Cybersecurity and Information Security.
  • Our processes are aligned with international information security standards and with the most relevant national and international regulations.
  • Our strategy supports the competitive strategy defined by the businesses and the Corporate strategy of the Bancolombia Group by enabling capabilities that ensure the confidentiality, integrity and availability of information. This contributes to the trust of our customers, improves the internal user experience, and seeks to make cybersecurity part of everyone's daily life.

Our comprehensive security strategy covers:

  • Information security.
  • Cybersecurity.
  • Personal data protection.
  • Fraud management.

Mauricio Botero Wolff

VP Customer and Employee Services

Currently Vice President of Customer and Employee Services at Grupo Bancolombia, where he has worked for 22 years. He has served as Director of Corporate Projects, Director of Planning and Projects, Manager of Procurement Integration, Manager of Investor Relations and Corporate Trader.

He holds a degree in Management Engineering from the School of Engineering of Antioquia, a specialization in Economics from Universidad de los Andes and an MBA from Emory University (Atlanta, USA) as a Fulbright scholar. He is currently chairman of the cybersecurity and fraud prevention committees of the Banking Association and a member of several Boards of Directors.

Management Model

Cybersecurity Governance

Within Bancolombia's Cybersecurity Governance, an ISMS (Information Security Management System) has been implemented to manage the Organization's information security through policies, standards, baselines, methodologies, governance frameworks and maturity models. These follow an annual cycle of continuous improvement and are shared with employees and with third parties that have work or commercial relations with the Organization.

The ISMS of the Bancolombia Group is managed through:

Governance Frameworks

ISO/IEC 27001:2013

NIST CSF (National Institute of Standards and Technology Cybersecurity Framework).

Maturity Models

The CMM and ITIL models are used to measure the maturity of information security and cybersecurity, respectively. Each model has defined levels against which the controls of the governance frameworks are evaluated.

 

Policies

Cybersecurity and Information Security Policies establish the Organization's intent regarding the treatment of risks associated with information. They are reviewed annually by the areas concerned and approved by the Board of Directors.

 

Standards

They contain mandatory guidelines that support policy compliance and ensure consistency of security in the organization.

 

Cybersecurity Committee
  • The purpose of the Cybersecurity and Information Security Committee of Grupo Bancolombia is to approve and promote the most important security policies, strategies and projects, and to be informed of and decide on the controls associated with cybersecurity and information security events.
  • It also periodically evaluates the degree of compliance with the defined cybersecurity and information security strategic plan.
  • It meets quarterly and is made up of the following permanent members:

  • Vice President Corporate Services.
  • Vice President Corporate Services Banco Agrícola.
  • Vice President Corporate Services Banistmo.
  • Divisional Manager of Corporate Services BAM.
  • Vice President Customer and Employee Services (CSO).
  • Corporate Vice President of Human Resources.
  • Corporate Vice President of Risk.
  • Vice President Corporate Services Nequi.
  • Wompi Director.

 

The following may participate as permanent guests:
  • Leader of Corporate Cybersecurity and Information Security Environment (CISO).
  • Vice President of Corporate Audit.
  • Vice President of Technology Services.
  • Directors of Security of Banistmo, Banco Agrícola and BAM.

 

In addition, other people are invited as needed to report on and develop the different plans in favor of comprehensive security. Fraud behavior is evaluated specifically in the Fraud Management Committee.

 

Participation of Cybersecurity, Information Security and Fraud Management in other committees:
  • Audit Committee Grupo Bancolombia: composed of members of the Board of Directors and other participants.
  • Risk Committee Grupo Bancolombia: made up of members of the Board of Directors and other participants.

 

More details on the risk and audit committees can be found in the Code of Good Governance.

 


Cybersecurity and Fraud Management Reports

Cybersecurity and Information Security Management Report

Audience: Board of Directors

Frequency: semi-annual (July and January)

Content: progress of the strategy, half-yearly achievements, main figures, relevant issues of the semester.

 

Security Report

Audience: President, Corporate Vice President and Vice President of Administration and Security and selected Directors.

Frequency: monthly

Content: figures, strategic indicators and relevant topics.

 

Security report

Audience: Teams and specific positions

Frequency: weekly

Content: figures, strategic indicators and relevant topics.

Cybersecurity and Fraud Management Processes

In Grupo Bancolombia, the Cybersecurity, Information Security and Fraud Management processes are defined in accordance with the best practices of COBIT 2019, NIST and the ISO/IEC 27000 series:

 

  • Governance of Cybersecurity and Information Security: ensures the definition, implementation and monitoring of the cybersecurity and information security strategy and governance for the treatment of the Organization's risks, in accordance with applicable regulations and best practices.

  • Protect information assets: secures the critical information assets identified and classified within the processes, to minimize information security risks based on the information protection governance model defined within the organization.

  • Secure digital services: protects the information assets that reside in the organization's digital systems, guaranteeing the coverage and risk level defined by the organization.

  • Identity and access management: manages identities and access to systems, ensuring that access is compliant, treating the risks of unauthorized access, and meeting organizational policies and regulatory requirements.

  • Monitor and respond to security events: prevents, detects, responds to and recovers from cybersecurity and information security threats, events and incidents that endanger the information and availability of the Bancolombia Group's services, in a timely and accurate manner, remediating in the shortest possible time.

  • Fraud management strategy: defines the transactional fraud management strategy and leads its development, in accordance with the risk profile of the channels and products, regulatory frameworks, policies and security standards, ensuring our customers' experience in the secure use of transactional channels.

  • Fraud management and containment: defines and leads the classification of fraud modus operandi, efficiently identifying fraud and loss exposure for customers, employees and assets of Bancolombia, according to the needs of our customers, risk management, business requirements and operational support areas, so as to anticipate or react in a timely manner.

  • Special Investigation Services: investigates and monitors potential internal fraud and malpractice events in order to prevent, deter, detect and minimize internal fraud and malpractice.

  • Fraud management analytics: identifies fraud trends through information analysis, for the subsequent design and implementation of statistical models and monitoring rules that allow preventing, detecting and reacting to internal and external fraud events.

  • Fraud management services: leads, manages and defines the service functions for potential fraud victims and affected customers, external fraud investigation processes, and the administration and management of the transactional monitoring operation.

  • Security of People and Physical Infrastructure: defines and leads the operation of Physical and Electronic Security of the Bancolombia Group, in accordance with risk management, customer expectations, standards and the regulatory frameworks of the national territory, positively influencing the relationship with authorities, associations and control entities, in order to protect the technological and physical integrity of people (customers and employees), processes and assets.


Culture of Cybersecurity, Information Security and Fraud Management

We have implemented a Cybersecurity, Information Security and Fraud Management culture strategy for our employees, suppliers and the different segments of customers and users. It seeks to bring security into the daily life of our stakeholder groups through a series of communication, awareness and training actions.

The topics addressed are approached from different fronts, defined for each audience according to its needs and the regulations that govern us in each of the geographies where the Bancolombia Group is present.

