OREL IT has announced a landmark achievement for Sri Lanka’s digital ecosystem: OREL Cloud has become the first local cloud provider in the country to be certified under ISO/IEC 27017. Recognized globally as the gold standard for cloud-specific information security, this milestone represents more than a technical accomplishment, it is a reflection of OREL IT’s deep commitment to building secure, compliant, and future-ready cloud infrastructure.
Achieved in August 2024, the certification strengthens the trust that underpins OREL Cloud’s platform. In a world increasingly driven by cloud computing, trust is no longer optional, it must be built into the infrastructure from the ground up. With this certification, OREL Cloud delivers not only audited, globally benchmarked security controls but also the clarity and governance enterprises need to manage shared responsibility between provider and customer, reducing the risk of gaps or missteps in cloud operations.
ISO/IEC 27017 expands upon the more widely known ISO/IEC 27001 standard by addressing risks unique to cloud environments. These include the protection of virtualized and multi-tenant setups, mitigating cloud-native threats such as misconfigurations, co-location vulnerabilities, and third-party dependencies. For sectors like banking, healthcare, and government, where data sensitivity and regulatory oversight are especially high, this certification simplifies compliance with both local and international standards. It provides a trusted, secure foundation for digital transformation efforts, empowering organizations to scale without compromising control.
The certification also represents a strategic edge for businesses looking to meet international procurement criteria. Enterprises now have access to a platform that meets global cloud standards without defaulting to hyperscalers, all while benefiting from the agility and accountability of a local provider. OREL Cloud’s infrastructure is designed not only for today’s demands but also for tomorrow’s threats, with continuous security improvements baked into the platform, ensuring it evolves alongside the threat landscape.
“Security is more than compliance. It’s a continuous promise to every client we serve,” said Piumi Ranasinghe, Chief Customer Officer at OREL Cloud. “Achieving ISO/IEC 27017 is more than a validation of our controls. In fact, it reflects our proactive mindset. In a cloud-powered economy, enabling secure, scalable growth is how we build lasting partnerships, rooted in trust, built to endure, and delivered without compromise.”
Clients have already begun to feel the impact of this enhanced trust and security. Kanishka Weeramunda, Founder and CEO of PayMedia and DirectPay, remarked, “As a leading application provider for financial institutions, data security is non-negotiable for us. Partnering with OREL Cloud gives us confidence in a platform that’s not only locally hosted but internationally certified. ISO/IEC 27017 now elevates that assurance even further.”
He added, “With this certification, we’re now able to scale faster, collaborate better, and meet compliance requirements without added complexity. We’re gaining the global scale of a top-tier provider, backed by the local flexibility and accountability that OREL Cloud brings, aligned with the Central Bank’s guidelines and requirements.”
Looking beyond the certification, OREL IT continues to view cloud technology as more than infrastructure, it is a catalyst for meaningful progress. Whether serving healthcare systems, financial services, or public institutions, OREL Cloud exists to support missions that matter. The platform is built not just to scale, but to serve, with integrity, resilience, and purpose.
Organizations ready to migrate with confidence, scale with control, and innovate without compromise are invited to connect.
ENDS