Achieve ISO 27001 Certification with IT Governance eBooks, toolkits and pocket guides
ISO/IEC 27001:2013 is the international standard that sets out the specifications of an information security management system (ISMS), a systematic approach to information security that encompasses people, process, and technology. An ISMS compliant with ISO 27001 can help organisations meet all their information security regulatory compliance objectives, as well as helping them to prepare and position themselves for new and emerging regulations.
The ISO 27001:2013 standard can be downloaded here >>
ISO 27001 provides the specification for an ISMS, and its related code of practice, ISO/IEC 27002:2013, contains the controls and related implementation guidance.
ISO 27001 draws on the knowledge of a group of experienced information security practitioners from a wide range of significant organisations in more than 40 countries to set out best practices in information security.
ISO 27001 and the IT Act 2008
The IT Act 2008 extensively amends the Information Technology Act 2000:
- The increasing popularity of smartphones is addressed, and the term ‘communication devices’ is defined to mean ‘cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video or image’.
- The validation of electronic signatures and contracts is addressed, and ‘electronic signature’ is substituted for ‘digital signature’ throughout the Act, promoting technological neutrality. The term ‘electronic signature’ is defined to mean ‘authentication of any electronic record by a subscriber by means of [a specified] electronic technique… and includes digital signature’.
- Section 43A mandates that corporations are responsible for implementing and maintaining ‘reasonable security practices and procedures’ to protect ‘sensitive personal data or information’. They are now liable for breaches and must pay compensation to affected parties.
- Owners of a given IP address are now responsible for content accessed or distributed through it.
- New forms of crime not covered by the original Act are addressed and new penal provisions are included. Details of these offences are listed below.
The majority of offences under the IT Act 2008 are punishable by up to three years’ imprisonment and a fine of up to one lakh rupees. Please see our IT Act information page for further guidance >>
Organisations looking to seek compliance with Section 43A of the IT Act 2008 can implement ‘reasonable security practices and procedures’ with a robust information security management system (ISMS) as laid out in ISO 27001.
ISO 27001 supports other local legislation
ISO 27001 can also support adherence to the new Draft Privacy (Protection) Act (also known as India’s Privacy Bill) when it gets promulgated. ISO 27001’s holistic focus on people, processes and technology means that it can provide Indian organisations with a robust framework that can help them to comply with numerous cyber security and data protection laws.
Information security and ISO27001 green paper
If you are new to information security and the ISO 27001 certification, provide us with your details below and we will send you our free green paper on ISO 27001 and Information Security.
Achieve success with an ISO27001 certification
It is no secret that ISO 27001 is an indication of high quality business practices and information security management. ISO 27001 certification not only demonstrates that an organisation follows best practice, it also helps an organisation win new business, both nationally and internationally.
Why choose IT Governance?
IT Governance has more experience in implementing ISO 27001 than any other organisation in the world. We’re a management system and cyber security specialist and have led more than 140 successful certifications in organisations of all sizes to ISO 27001 around the world.
Our ISO 27001 packaged solutions give Indian organisations online access to world-class expertise. Each fixed-priced solution is a combination of products and services that will enable you to implement ISO 27001 at a speed and for a budget appropriate to your individual needs.
Get started today >>
ISO/IEC 27001:2013 (ISO27001 Standard) ISMS Requirements
ISO27001:2013 ISMS Standalone Documentation Toolkit
Nine Steps to Success: an ISO27001 Implementation Overview
ISO27001 Certified ISMS Lead Implementer Online Training Course
Email us for more information about how our consultants can help you implement the ISO 27001 standard.