Management Systems

The Authority strives to maintain customer satisfaction by implementing effective systems and focusing on customer feedback. Adoption of a quality management system is therefore a strategic decision taken by the Authority to help improve its overall performance and provide a sound basis for sustainable development initiatives. It assists us to:

  1. Demonstrate our ability to consistently provide services that meet customer and applicable statutory and regulatory requirements.
  2. Facilitate opportunities to enhance customer satisfaction.
  3. Address risks and opportunities associated with the Authority’s context and objectives.
  4. Show the Authority’s ability to demonstrate conformity to specified quality management system requirements.

The Authority also employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking in its management systems. The process approach enables us to plan our processes and their interactions. The PDCA cycle ensures that the Authority’s processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.

The process approach involves the systematic definition and management of processes and their interactions so as to achieve the intended results in accordance with the quality policy and strategic direction of the Authority. 

The application of the process approach in a quality management system enables:

  1. Understanding and consistency in meeting requirements.
  2. The consideration of processes in terms of value addition.
  3. The achievement of effective process performance.
  4. Improvement of processes based on evaluation of data and information.

Risk-based thinking enables us to determine the factors that could cause the Authority’s processes and quality management system to deviate from the planned results, to put in place preventive controls in order to minimize negative effects, and to make maximum use of opportunities as they arise.

 

The Authority plans for disruptive incidents through implementation of a robust Business Continuity Management System (BCMS). This is done through identifying potential threats and analyzing their impact on day-to-day operations. Business continuity helps the Authority maintain resilience in responding quickly to an interruption.

Adoption of a robust BCMS has enabled the Authority to maintain critical business functions during a disaster and after it has occurred. There are established risk management processes and procedures that aim to prevent interruptions to critical services and to re-establish full day-to-day function for the organization as quickly and with as little downtime as possible.

Towards this, the Authority commits to complying with all applicable statutory requirements and to continually improving its Business Continuity Management System based on the ISO 22301 International Standard.

The Competition Authority of Kenya (“the Authority”) has established an Information Security Policy which supports its strategic objectives. The Authority is committed to maintaining and improving information security within the organization while minimizing its exposure to all risks. The policy outlines our commitment to information security through:

  1. Protection of the Confidentiality of Information - Safeguard employee, corporate and client information from unauthorized access, ensuring that all sensitive data remains confidential as required by law;
  2. Maintenance of Information Integrity and Availability - Ensure that all information is accurate and reliable, and that it is accessible as required by law;
  3. Promotion of Information Security Awareness - Provide information security training and awareness for all employees;
  4. Provision of Relevant Information - Ensure that all necessary information is supplied to relevant functional processes and employees for approved purposes only, in alignment with organizational needs;
  5. Compliance with Legal and Regulatory Requirements - Meet all applicable regulatory and legislative obligations related to information security to protect the organization’s interests and reputation;
  6. Disaster Recovery and Business Continuity - Develop, maintain, and regularly test disaster recovery and business continuity plans to ensure the resilience of our business operations in the face of potential disruptions;
  7. Response to Information Security Breaches - Ensure that any actual or suspected breaches of information security are promptly reported and thoroughly investigated by the designated team, with immediate implementation of identified improvements;
  8. Adherence to ISO 27001 Standard - Comply with the requirements of ISO/IEC 27001:2022 to establish, implement, maintain, and continually improve our Information Security Management System (ISMS);
  9. Communication of the Information Security Policy - Clearly communicate the Information Security Policy both internally and externally, ensuring that it is accessible and understood by all relevant stakeholders upon request.

Documents

TYPE DOWNLOAD
ISM Policy Download

Documents

TYPE DOWNLOAD
ISO-9001-2015 January 22 2024 - March 1 2025 Download
ISO 9001 2015 Certificate Download
Quality Policy Download
Business Continuity Policy Statement and Objectives Download