Grupo Bancolombia: Cybersecurity

Cybersecurity committee strategy

  • Bancolombia continuously seeks to improve its capacity for the governance of Cybersecurity and Information Security.
  • Our processes are aligned with international information security standards and with the most relevant national and international regulations.
  • Our strategy forms part of the competitive strategy defined by the businesses and of the Corporate strategy of the Bancolombia Group. It enables capabilities that ensure the confidentiality, integrity and availability of information, contributing to the trust of our customers and improving the internal user experience, while also seeking to make cybersecurity part of the daily life of all people.

Our integral security strategy covers:

  • Information security.
  • Cybersecurity.
  • Personal data protection.
  • Fraud management.

Juan Camilo Zuluaga Peralta

VP Customer and Employee Services

He is currently Vice President of Customer and Employee Services at Grupo Bancolombia, where he has worked for 18 years, and has extensive experience as a Project Manager and as Director of Origination and Collection.

He is an international negotiator and finance specialist trained at EAFIT University in Colombia, holds an Executive MBA from Monash University in Australia, obtained through Bancolombia's Excellence Scholarship Program, and has also completed the Senior Management program at the Instituto de Empresa (IE) in Spain.

Management Model

Cybersecurity Governance

Within Bancolombia's Cybersecurity Governance, an ISMS (Information Security Management System) has been implemented to manage the Organization's information security through policies, standards, baselines, methodologies, governance frameworks and maturity models. These follow an annual continuous-improvement cycle and are shared with employees and with the third parties that have working or commercial relationships with the Organization.

The ISMS of the Bancolombia Group is managed through:

Governance Frameworks

ISO/IEC 27001:2013

NIST CSF (National Institute of Standards and Technology Cybersecurity Framework).

Maturity Models

The CMM (Capability Maturity Model) and ITIL models are used to measure the maturity of information security and cybersecurity, respectively. Each model defines levels against which the controls of the governance frameworks are evaluated.

Policies

Cybersecurity and Information Security Policies establish the Organization's intent regarding the treatment of risks associated with information. They are reviewed annually by the areas concerned and approved by the Board of Directors.

Standards

Standards contain mandatory guidelines that support policy compliance and ensure consistent security across the organization.

Cybersecurity Committee
  • The purpose of the Cybersecurity and Information Security Committee of Grupo Bancolombia is to approve and promote the most important security policies, strategies and projects, and to be informed of, and make decisions on, the controls associated with cybersecurity and information security events.
  • It also periodically evaluates the degree of compliance with the defined cybersecurity and information security strategic plan.
  • It meets quarterly and is made up of the following permanent members:

  • Vice President Corporate Services.
  • Vice President Corporate Services Banco Agrícola.
  • Vice President Corporate Services Banistmo.
  • Divisional Manager of Corporate Services BAM.
  • Vice President Customer and Employee Services (CSO).
  • Corporate Vice President of Human Resources.
  • Corporate Vice President of Risk.
  • Vice President Corporate Services Nequi.
  • Wompi Director.

The following may participate as permanent guests:
  • Leader of Corporate Cybersecurity and Information Security Environment (CISO).
  • Vice President of Corporate Audit.
  • Vice President of Technology Services.
  • Directors of Security of Banistmo, Banco Agrícola and BAM.

In addition, other people are invited as needed to report on and develop the different plans in favor of integral security. Fraud behaviors are evaluated specifically in the Fraud Management Committee, which is held for that purpose.

Participation of Cybersecurity, Information Security and Fraud Management in other committees:
  • Audit Committee of Grupo Bancolombia: made up of members of the Board of Directors and other participants.
  • Risk Committee of Grupo Bancolombia: made up of members of the Board of Directors and other participants.

More details on the risk and audit committees can be found in the Code of Good Governance.

Cybersecurity and Fraud Management Reports

Cybersecurity and Information Security Management Report

Audience: Board of Directors

Frequency: semi-annual (July and January)

Content: progress of the strategy, half-yearly achievements, main figures, relevant issues of the semester.

Security Report

Audience: President, Corporate Vice President, Vice President of Administration and Security, and selected Directors.

Frequency: monthly

Content: figures, strategic indicators and relevant topics.

Security Report

Audience: Teams and specific positions

Frequency: weekly

Content: figures, strategic indicators and relevant topics.

Cybersecurity and Fraud Management Processes

In Grupo Bancolombia, the Cybersecurity, Information Security and Fraud Management processes are defined in accordance with the best practices of COBIT 2019, NIST and the ISO/IEC 27000 series:

  • Governance of Cybersecurity and Information Security: ensures the definition, implementation and monitoring of the strategy and governance of cybersecurity and information security, for the treatment of the Organization's risks, in accordance with the applicable regulations and best practices.

  • Protect information assets: secures the critical information assets identified and classified within the processes, to minimize information security risks based on the information protection governance model defined within the organization.

  • Securing digital services: protects the information assets that reside in the organization's digital systems, ensuring the coverage and risk level defined by the organization.

  • Identity and access management: manages identities and access to systems, ensuring that access is appropriate, treating the risks of unauthorized access, and complying with organizational policies and regulatory requirements.

  • Monitor and respond to security events: prevents, detects, responds to and recovers from cybersecurity and information security threats, events and incidents that endanger the information and the availability of the Bancolombia Group's services, in a timely and accurate manner, remediating in the shortest possible time.

  • Fraud management strategy: defines the transactional fraud management strategy and leads its development, in accordance with the risk profile of the channels and products, regulatory frameworks, policies and security standards, ensuring our customers' experience in the secure use of transactional channels.

  • Fraud management and containment: defines and leads the classification of fraud modus operandi, efficiently identifying fraud and loss exposure for Bancolombia's customers, employees and assets, according to customer needs, risk management, business requirements and the operational support areas, so as to anticipate or react in a timely manner.

  • Special Investigation Services: investigates and monitors potential internal fraud and malpractice events in order to prevent, deter, detect and minimize internal fraud and malpractice.

  • Fraud management analytics: identifies fraud trends by performing information analysis, for the subsequent design and implementation of statistical models and monitoring rules that allow preventing, detecting and reacting to internal and external fraud events.

  • Fraud management services: leads, manages and comprehensively defines the service functions for potential or actual fraud victims among customers, the external fraud investigation processes, and the administration and management of the transactional monitoring operation.

  • Security of People and Physical Infrastructure: defines and leads the operation of Physical and Electronic Security of the Bancolombia Group, in accordance with risk management, customer expectations, and the standards and regulatory frameworks of each national territory, positively influencing the relationship with authorities, associations and control entities, in order to protect the technological and physical integrity of people (customers and employees), processes and assets.


Culture of Cybersecurity, Information Security and Fraud Management

We have implemented a Cybersecurity, Information Security and Fraud Management Culture strategy for our employees, suppliers and the different segments of customers and users. It seeks to bring security into the daily life of our stakeholders through a series of communication, awareness and training actions.

The issues raised are addressed from different fronts, defined for each audience according to their needs and the regulations that govern us in each of the geographies where the Bancolombia Group is present.
