Cybersecurity Audit: Port of Kribi Assesses Its Readiness for ISO 27001


A strategic diagnosis reveals solid foundations but a system still to be fully structured

Presented in Douala, the findings of the information security assessment at the Port Authority of Kribi highlight limited compliance but strong potential for transformation toward a robust and secure model.

On April 15, 2026, in Douala, the Port Authority of Kribi (PAK) held the closing meeting of its Information Security Management System (ISMS) assessment, conducted in line with the ISO 27001:2022 standard.

Led by experts Mohammed Ramy and David Lutete, the mission aimed to evaluate the maturity of the current system, identify compliance gaps, and define a structured roadmap toward certification.

A system still under development

The assessment reveals that the ISMS is not yet formally deployed. Existing practices are largely fragmented and lack a unified governance framework. Overall compliance is estimated between 10% and 15%, indicating early-stage foundations that remain insufficient against ISO 27001 requirements.

Key gaps include the absence of a formal information security policy, an undefined ISMS scope, and the lack of a dedicated governance structure. No Chief Information Security Officer (CISO) has been appointed, and responsibilities remain dispersed, limiting effective oversight and control.

Limited risk formalization and awareness

The audit also highlights the absence of a formal risk assessment and risk treatment plan—core pillars of ISO 27001. Awareness of cybersecurity practices remains limited across teams, and there is a lack of structured procedures, performance indicators, and governance mechanisms.

From a technical standpoint, several weaknesses were identified, including the absence of policies for cryptography, access control, and information classification. Key processes such as change management, configuration management, and incident response are not yet formalized. Additionally, controls related to endpoint security, data protection, and infrastructure resilience require significant strengthening.

Strong foundations to build on

Despite these gaps, the audit identified several strengths. The Port benefits from a well-established quality management system, an operational internal audit program, and solid document control practices. The use of secure VPN access for remote work also reflects an initial level of cybersecurity awareness.

Most importantly, strong commitment from top management—aligned with the Smart Port vision—provides a critical lever for accelerating this transformation.

A clear roadmap toward compliance

The audit recommends rapidly structuring governance by appointing a CISO and establishing dedicated security committees. Priority actions include conducting penetration testing, developing an IT disaster recovery plan, and strengthening staff capabilities through targeted training.

The estimated timeline to achieve compliance ranges from 12 to 15 months, subject to sustained commitment and disciplined execution of the ISMS roadmap.

Beyond a simple assessment, this exercise marks a turning point. It lays the groundwork for a robust security framework—an essential condition to support the port’s digital transformation and ensure operational resilience in an increasingly complex cyber risk environment.

The challenge is now clear: transform identified potential into a benchmark standard.