As we intend to invest in technology and digital capabilities to build scale and offer best-in-class experience, CDB recognises the need to have a robust IT Governance framework to provide a balanced mix of technological investments that we aligned with strategic and cross-functional business objectives. The IT Governance framework is built on the Three Lines of Defence approach. Refer the diagram below.

As a part of this framework CDB established two main strategic steering committees, namely the Information Technology Steering Committee (ITSC) and Information Security Steering Committee (ISSC) to promote, oversee and support the effective use of technology, information as well as information security across the Organisation as well as create strong security posture and cyber resilience within the Organisation.

Technology Three Lines of Defence

BIRMC – Board Integrated Risk Management Committee

ITSC - Information Technology Steering Committee

ISSC – Information Security Steering Committee

 

The Committee also improves alignment between IT and business strategy, accountability for IT decisions and finally value generation through ongoing evaluation of IT value and performance of IT services.

CDB’s Information Technology (IT) Strategy serves as a comprehensive five-year roadmap, outlining the scope of the Company’s IT initiatives and their contributions to the CDB ecosystem. Guided by the strategic pillars of “Sustainability” and “Technology Disruption”, the IT Strategy prioritises projects and allocates funds accordingly, with a primary goal of enhancing customer service delivery. A key aspect of this strategy involves fortifying the cyber resilience of CDB’s IT systems in the face of evolving threats.

To achieve these objectives, CDB focuses on strengthening its cyber team and their capabilities, enabling secure and innovative operations. Additionally, the Company leverages its oversight roles to regulate and promote leading cybersecurity standards, ensuring comprehensive security measures. Collaboration with key partners is also a priority for CDB, as they work together to promote resilience and reduce the occurrence and impact of cybersecurity breaches.

Cybersecurity is of utmost importance to CDB, and the Company adopts a proactive approach to mitigate threats. This involves investing in new technologies, processes, and personnel, and collaborating with public and private sector partners on a national and international level. The cyber security strategy focuses on detecting, responding to, and recovering from cyber intrusions, ultimately bolstering the overall cyber resilience of the Company.

In addition, CDB has received the ISO/IEC 27001:2013 certification for its IT Services and has continued the certification for the last five consecutive years. The certification is a testament to its commitment to ensuring the highest levels of customer information security through conformance to the highest information systems, practices and protocols, in accordance with global standards. Additionally, CDB has established security solutions and policy management protocols supported to align multi vendor solutions which addresses cyber security challenges and the associated cyber risk.

CDB consistently carries out security assessments to detect and evaluate vulnerabilities in systems and applications, promptly taking necessary corrective measures. Additionally, the Company is constantly on alert to emerging technologies, and new cyber threats emanating from a wide range of sources in creating resilience.

In achieving cyber resilience team members were made aware and kept updated through e-flyers and staff announcements. Further, with the help of industry experts, staff members and the Board of Directors were given cyber security training and awareness.