Another Achievement for CDB – Gains ISO/IEC 27001:2013
- Reiterates absolute protection from information security threats and vulnerabilities
Achieving yet another triumph, Citizens Development Business Finance PLC (CDB) recently gained one of the toughest ISO certifications applicable to the financial industry. CDB is now proudly certified with ISO/IEC 27001:2013, the information security standard that specifies a management system intended to bring information security under management control. The accreditation was granted by TUV SUD Lanka (Pvt) Limited, a subsidiary of TUV SUD South Asia, which is headquartered in Munich, Germany. It is one of the world’s leading technical services providers in testing and product certification, inspection, auditing and system certification, in addition to training and knowledge services.
Following the completion of a successful audit, the conferring of the certification denotes that CDB is completely compliant with all standards and directives contained within the standards certification, leaving no room for non-conformance as certified by the auditor.
Very proud of his team’s achievement signalling another trailblazing triumph for the financial services industry, MD/CEO Mahesh Nanayakkara said, “This is yet another great achievement not just for CDB but for the entirety of the financial services industry because it reiterates the industry’s focus on conformance and absolute compliance, adding investor confidence into market dynamics. For CDB, this is an added laurel because gaining this certification is a difficult and tough process, and in fact some banking entities are yet to attempt getting certified. My team must be commended on completing the process successfully and adding those elements of security into the way we work, which will assure privacy, confidentiality, accessibility and reliability of customer data.”
The implementation partner for the project engaged by CDB to implement information security best practices and certification requirements was leading cyber security advisory firm Trustvault (Pvt) Limited. Engaging with CDB’s highly committed and driven IT team over several months to assess regulatory requirements with industry best practices, Trustvault established a practical information security governance framework that would be the axis upon which CDB’s information security will function. The process is subject to annual audits which will also involve continuous improvement and analysis of current and emerging scenarios that must be factored into the framework.
As Nanayakkara concludes: “With the increased use of IT in our daily lives, the financial services industry especially remains vulnerable to cyber security threats, which could be via disruption, modification, data destruction or even unauthorised access. Having pioneered some industry firsts in IT, we have also been very cognisant of these threats and vulnerabilities. While maximum information protection has always been in place at CDB, we also know that infusing global best practices will be instrumental in absolute protection of our customer data, which is why we ventured into ISO/IEC 27001:2003. Our stakeholders are now reassured that their information will always be protected with best in class standards.”
MD/CEO of CDB Mahesh Nanayakkara stands proudly with his team as he is presented the ISO/IEC 27001:2003 certification by Deputy General Manager – Operations (Academy) Noel Fernandes and Branch Manager (Sri Lanka) Wasantha Gunarathne of TUV SUD Lanka (Pvt) Ltd, making CDB completely compliant with information security best practices as per the standards certification granted by leading cyber security advisory firm Trustvault (Pvt) Limited.