Achieve ISO 27001 Certification with IT Governance eBooks, Toolkits and Pocket Guides
ISO/IEC 27001:2005 is the international standard for information security management systems (ISMS). This standard, which is closely allied to ISO/IEC 27002:2005, helps organisations meet all their information-related regulatory compliance objectives, and helps them prepare and position themselves for new and emerging regulations.
ISO 27001 provides the specification for an ISMS, and the related code of practice – ISO 27002 – contains the controls and implementation guidance necessary to implement ISO 27001. It draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organisations across more than 40 countries to set out best practice in information security.
- ensures you comply with India Technology Act (ITA)
- will underpin and protect IT worldwide over the next decade
- is designed to harmonise with ISO 9001:2008, ISO 14001:2004, ISO 20000 and others for effective management system integration
- implements the Plan-Do-Check-Act (PDCA) model
- reflects the principles of the 2002 OECD guidance on the security of information systems and networks
ISO 27001 in India: Government regulations
ISO 27001 certification is not only a corporate issue. It is now becoming a government issue in the majority of countries around the world, too.
In April 2011, the Government of India released an announcement on privacy data law that involves any company which collects information within India. The proposed regulations will have a major impact on global enterprises doing business with Indian outsourcers. State regulations in India require companies to ensure private data stays private.
In the Act, the Indian Government stated that the body corporate and the Data Processor should implement reasonable security practices and standards. ISO 27001 is recognised as an approved security practices standard that organisations could implement to comply with the security measures set under the Data Privacy Rules.
When outsourcing aspects of IT that touch data stores, companies need to be extra careful that the service providers they engage follow these new rules of the law and the exact policies of their shareholders and/or management. Not complying with this new Act can result in fines, brand damage and loss of revenue.
Organisations must follow new regulations stated in the Indian ITA (Information Technology Act), which include:
“The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government.”
“The appropriate Government may cause an audit to be conducted of the affairs of the service providers and authorised agents in the State at such intervals as deemed necessary by nominating such audit agencies. (...) The audit of reasonable security practices and procedures shall be carried out by an auditor at least once a year or as and when the body corporate or a person on its behalf undertakes significant upgradation of its process and computer resource.”
Information security and an ISO 27001 white paper
If you are new to information security and the ISO 27001 certificate, provide us with your details below and we will send you a free ISO 27001 and information security white paper.
Gain success with an ISO 27001 certification
How IT Governance can help you on your journey to ISO 27001 certification and improvement of your corporate data security
It is no secret that ISO 27001 is an indication of high quality business practices and information security management. The certificate not only demonstrates that an organisation follows best practice, it also helps an organisation win new business, both nationally and internationally. More clients means more revenue.
Cyber Security in India
The Indian Government has issued a number of regulations and strategies to combat cyber crime and reduce the risks that threaten businesses nationwide.
The IT Act 2000, the IT (Amendment) Act, 2008 and the National Cyber Security Policy all use best practices and guidelines, many of which are found in the standard of ISO 27001.
The IT Act even states that those organisations who have implemented ISO 27001 “shall be deemed to have complied with reasonable security practices and procedures”.
Become ISO 27001 certified with the range of these useful resources:
E-mail us for more information about how our consultants could help you implement the ISO 27001 Standard.