NDB becomes first Sri Lankan bank to be ISO 27001:2022 certified

National Development Bank PLC (NDB) became the first Sri Lankan bank to be certified to the latest ISO 27001:2022, for its Information Security Management System. 
The ISO 27001:2022 certification is an internationally recognised standard for managing information security. Achieving this certification demonstrates NDB’s dedication to continuous improvement in securing data and managing information security. 

The rigorous certification process involved a comprehensive audit of NDB’s information security policies, procedures and controls, ensuring they meet the stringent requirements set forth by the International Organisation for Standardisation (ISO).
In addition to the ISO 27001:2022 certification, NDB has also been certified in ISO 22301 for Business Continuity Management Systems. Notably, NDB remains the only bank in Sri Lanka to have achieved the ISO 22301 certification as well.
“We have invested significantly in advanced security technologies and robust processes to ensure our systems are resilient and our data is secure. Our plan is to further align our service levels to meet international frameworks and obtain two more ISO certifications within the year, namely ISO 20000 for IT Service Management and ISO 27701 for Management of Data Privacy,” said NDB Chief Information Officer and VP IT Indika Gunawardena.