Sri Lanka’s DFCC Bank receives ISO 27001:2013 certification

DFCC Bank was recently awarded the ISO 27001:2013 certification in recognition of implementing the best practices in legal, physical and technical control for information security management. The certificate was awarded to Palitha Gamage, Chief Risk Officer – DFCC Bank by Shan Nanayakkara, General Manager – Bureau Veritas Sri Lanka, at the awarding ceremony held at the DFCC Bank Auditorium recently.

This certification entails that the bank has met all levels of confidence in information security management, becoming one of the four financial institutions in the country to be certified. Apart from enhancing DFCC Bank’s image and giving it a competitive edge in the industry, the certification also reinforces the bank’s willingness and commitment in enhancing security posture of the organisation to increase customer confidence in line with international standards and best practice.

“This is yet another step in our journey of growth as a Bank that is committed to providing sustainable solutions to all stakeholders. We take pride in being awarded this certification, which demonstrates our compliance with mandatory certification as laid down by the Central Bank. As one of the first few financial institutions to comply with this requirement, this certification will help us to manage information security risks at acceptable levels and provide assurance to customers and suppliers. DFCC Bank sustains the highest levels of compliance and governance and risk frameworks, and gaining this ISO standard goes a long way in proving our ability and willingness to spearhead the industry. The DFCC management was committed to implement the ISO 27001:2013 security standard and engaged with PWC for the ISO implementation and with Bureau Veritas for the certification audit. We are grateful to them for their support.” said Arjun Fernando – CEO, DFCC Bank.

Commenting on this achievement, Yudhishtran Kanagasabai – Director, PwC Sri Lanka, said, “DFCC has taken a bold step well ahead from Baseline Security Standard mandated by the Regulator in moving towards ISO 27001:2013 thus firstly raising security awareness, establishing processes and then keeping an unblinking focus on violations and new threats as they emerge with a view to strengthening its security posture. In an era where the technology landscape continues to change and the diversity of the threat landscape continues to increase this certification would move DFCC to the next level in being a cyber-resilient organisation thus providing comfort to all its stakeholders about privacy of data and information. PwC is proud be associated with this journey that resulted in DFCC being certified in ISO 27001:2013.”

General Manager, Bureau Veritas, Shan Nanayakkara said, “I would like to congratulate the management of the DFCC Bank and all those involved in this collective effort. Your achievement will make a positive difference in developing the objectives of the bank. The ISO 27001:2013 standard provides a robust model for information security risk assessment and security design, implementation, and management. With its comprehensive approach that takes into account threats, vulnerabilities, and impacts, the standard helps to ensure the adoption of appropriate security controls that protect the information of the company, customers and other stakeholders. Being certified to ISO 27001 will not only help DFCC Bank to manage and protect its valuable information assets but will enhance its reputation by demonstrating to customers that the security of their information is paramount.”

DFCC Bank PLC is a fully-fledged dynamic commercial bank and development bank that services customers from all walks of life and is rated AA- (lka) by Fitch Ratings Lanka Limited. The Bank has been rapidly growing its footprint across the country and is connected to the LankaPay Common ATM Switch, enabling accountholders to access over 3,500 ATMs island-wide and performs zero cost cash withdrawals and balance inquiries via connected banks.

(Media Release)


The DFCC Team who worked on the ISO project together with the officials from PwC and Bureau Veritas