National Development Bank PLC, as the “trend setter” in the industry, proudly announces its landmark achievement as the first Sri Lankan bank to be certified to the latest ISO 27001:2022 for their Information Security Management System (ISMS). This prestigious certification underscores NDB’s commitment to uphold global standards and protect the information assets of the bank’s customers, stakeholders, and the bank itself.
The ISO 27001:2022 certification is an internationally recognised standard for managing information security. Achieving this certification demonstrates NDB’s dedication to continuous improvement in securing data and managing information security. The rigorous certification process involved a comprehensive audit of NDB’s information security policies, procedures, and controls, ensuring they meet the stringent requirements set forth by the International Organisation for Standardisation (ISO).
NDB’s commitment to information security is further validated by its recent accolade from the Information Systems Audit and Control Association (ISACA). NDB was honoured with the prestigious ISACA award for Best Technology Resilience Company of the Year in the banking category. This recognition also highlights NDB’s robust technology infrastructure and its ability to withstand and recover from technological disruptions.
In addition to the ISO 27001:2022 certification, NDB has also been certified in ISO 22301 for Business Continuity Management Systems (BCMS). This certification is a testament to NDB’s preparedness and resilience in ensuring that business operations continue seamlessly in the face of unexpected disruptions. Notably, NDB remains the only bank in Sri Lanka to have achieved the ISO 22301 certification as well.
NDB’s Chief Information Officer (CIO) and VP-IT, Mr. Indika Gunawardena, emphasised the bank’s strategic investments in IT security as a cornerstone of its commitment to safeguarding information assets. “Our vision is clear: to protect our information assets at all costs. Achieving ISO 27001:2022 and ISO 22301 certifications is a reflection of our proactive approach to IT security and business continuity. We have invested significantly in advanced security technologies and robust processes to ensure our systems are resilient and our data is secure. Our plan is to further align our service levels to meet international frameworks and obtain two more ISO certifications within the year, namely ISO 20000 for IT Service Management and ISO 27701 for Management of Data Privacy” the CIO stated.
NDB’s Head of IT Security, Mr. Rasika Sampath, attributed these achievements to the forward-thinking leadership of the bank. The management’s vision and commitment to excellence have been instrumental in driving the bank towards these significant milestones. He further stated, ‘In addition to the milestones we have already reached, we have more advanced security solutions and safeguarding measures planned in our roadmap. These measures aim to ensure that NDB remains the most trusted and secure banking partner for all Sri Lankans, both locally and globally.
With the rapid evolution of technology, cyberspace has become an increasingly vulnerable arena, particularly as hackers with financial motives tend to target financial institutions as lucrative targets. Our customers are well aware of this reality and prefer banking solutions from institutions endorsed by international organisations for their security standards. At NDB, we are committed to staying ahead of these threats and providing our customers with the highest level of protection for their financial assets.”
The bank’s focus on IT security is not merely about compliance but about fostering a culture of security within the organization. NDB has implemented a multi-layered security strategy that includes state-of-the-art technologies, continuous monitoring, and regular security audits. These measures are designed to detect and mitigate potential threats before they can impact the bank’s operations or compromise customer data.
Looking ahead, NDB remains committed to maintaining and enhancing its information security aligning with global frameworks. The bank will continue to invest in cutting-edge technologies and innovative solutions to stay ahead of emerging threats and ensure the highest levels of security and resilience, setting up a benchmark for the banking industry and reaffirming its position as a trusted partner for its customers and stakeholders.
