NDB, first Sri Lankan Bank certified in latest ISO 27001:2022

Above: NDB CEO and other senior officials.

National Development Bank PLC has announced its landmark achievement as the first Sri Lankan bank to be certified to the latest ISO 27001:2022 for their Information Security Management System (ISMS).

This prestigious certification underscores NDB’s commitment to uphold global standards and protect the information assets of the bank’s customers, stakeholders, and the bank itself, it said in a media release.

The ISO 27001:2022 certification is an internationally recognised standard for managing information security. Achieving this certification demonstrates NDB’s dedication to continuous improvement in securing data and managing information security. The rigorous certification process involved a comprehensive audit of NDB’s information security policies, procedures, and controls, ensuring they meet the stringent requirements set forth by the International Organisation for Standardisation (ISO).

In addition to the ISO 27001:2022 certification, NDB has also been certified in ISO 22301 for Business Continuity Management Systems (BCMS). This certification is a testament to NDB’s preparedness and resilience in ensuring that business operations continue seamlessly in the face of unexpected disruptions. Notably, NDB remains the only bank in Sri Lanka to have achieved the ISO 22301 certification as well, the statement said.

NDB’s Chief Information Officer (CIO) and VP-IT, Indika Gunawardena, emphasised the bank’s strategic investments in IT security as a cornerstone of its commitment to safeguarding information assets. “Our vision is clear: to protect our information assets at all costs. Achieving ISO 27001:2022 and ISO 22301 certifications is a reflection of our proactive approach to IT security and business continuity. We have invested significantly in advanced security technologies and robust processes to ensure our systems are resilient and our data is secure. Our plan is to further align our service levels to meet international frameworks and obtain two more ISO certifications within the year, namely ISO 20000 for IT Service Management and ISO 27701 for Management of Data Privacy,” the CIO said.