Home / Financial Services/ CDB gains ISO/IEC 27001:2013

CDB gains ISO/IEC 27001:2013

Comments / {{hitsCtrl.values.hits}} Views / Friday, 11 January 2019 00:00


CDB MD/CEO Mahesh Nanayakkara stands proudly with his team as he is presented the ISO/IEC 27001:2003 certification by Deputy General Manager – Operations (Academy) Noel Fernandes and Branch Manager (Sri Lanka) Wasantha Gunarathne of TUV SUD Lanka, making CDB completely compliant with information security best practices as per the standards certification granted by leading cyber security advisory firm Trustvault


  • Reiterates absolute protection from information security threats and vulnerabilities

Achieving yet another triumph, Citizens Development Business Finance PLC (CDB) gained one of the toughest ISO certifications applicable for the financial industry recently. CDB is now proudly certified with ISO/IEC 27001:2013, the information security standard that specifies a management system intended to bring information security under management control.

The accreditation was granted by TUV SUD Lanka Ltd., a subsidiary of TUV SUD South Asia, which is headquartered in Munich, Germany. It is one of the world’s leading technical services providers in testing and product certification, inspection, auditing and system certification, in addition to training and knowledge services.

Following the completion of a successful audit, the conferring of the certification denotes that CDB is completely compliant with all standards and directives contained within the standards certification, leaving no room for non-conformance as certified by the auditor.  

Very proud of his team’s achievement signalling another trailblazing triumph for the financial services industry, MD/CEO Mahesh Nanayakkara said: “This is yet another great achievement not just for CDB but for the entirety of the financial services industry because it reiterates the industry’s focus on conformance and absolute compliance, adding investor confidence into market dynamics.  For CDB, this is an added laurel because gaining this certification is a difficult and tough process, and in fact some banking entities are yet to attempt getting certified. My team must be commended on completing the process successfully and adding those elements of security into the way we work, which will assure privacy, confidentiality, accessibility and reliability of customer data.”

The implementation partner for the project engaged by CDB to implement information security best practices and certification requirements was leading cyber security advisory firm Trustvault Ltd. Engaging with CDB’s highly committed and driven IT team over several months to assess regulatory requirements with industry best practices, Trustvault established a practical information security governance framework that would be the axis upon which CDB’s information security will function.  The process is subject to annual audits which will also involve continuous improvement and analysis of current and emerging scenarios that must be factored into the framework. As Nanayakkara concludes: “With the increased use of IT in our daily lives, the financial services industry especially remains vulnerable to cyber security threats, which could be via disruption, modification, data destruction or even unauthorised access. Having pioneered some industry firsts in IT, we have also been very cognisant of these threats and vulnerabilities. While maximum information protection has always been in place at CDB, we also know that infusing global best practices will be instrumental in absolute protection of our customer data, which is why we ventured into ISO/IEC 27001:2003.  Our stakeholders are now reassured that their information will always be protected with best in class standards.”

Share This Article

Facebook Twitter


1. All comments will be moderated by the Daily FT Web Editor.

2. Comments that are abusive, obscene, incendiary, defamatory or irrelevant will not be published.

3. We may remove hyperlinks within comments.

4. Kindly use a genuine email ID and provide your name.

5. Spamming the comments section under different user names may result in being blacklisted.


Today's Columnists

A case for reviewing plantation management

Thursday, 23 May 2019

Last week, I elaborated on ‘Going Beyond Agronomic Research for Plantation Reform’ with the aim of beginning a conversation on the importance of non-agronomic research to understand the many problematic areas that plague the plantation sector, in

How are we doing in e-government?

Thursday, 23 May 2019

It is customary to assess some aspect of the performance of a country using a composite index such as the Ease of Doing Business Index or the Network Readiness Index. For government services, there is the e-Government Development Index (EGDI), issued

National introspection in the aftermath

Thursday, 23 May 2019

“The immediate task for the Government is to guaranty the safety and security of all innocent Muslims and prevent a recurrence of 1983 … One cannot eradicate one evil with another” – Anatomy of an Islamist Infamy (III), CT, 9 May. In this, th

Dhammika Perera an anti-establishment candidate

Thursday, 23 May 2019

During the holy Vesak weekend the phones were buzzing all over Sri Lanka over a story that appeared on a web page. The story said that Prime Minister Ranil Wickremesinghe had met with business tycoon Dhammika Perera whose business empire contribute

Columnists More