India: To ‘ISO’, or not to ‘ISO’, that is the question…

… In other words: is it worth having ISO 27001 certification or not? IT Governance can make things easier for you and answer this rather rhetorical question. Read on and we will explain how.

Digitalism and cybercrime – who is the victim?

With the proliferation of devices and technologies, including Virtualisation, Cloud Computing and XaaS, adopting an information security plan (ISP) has become highly important across verticals globally. The ability to access data 24/7 anywhere in the world has made the information-sharing process much easier and resulted in immense benefits. However, the corresponding risks that can affect corporate information cannot be ignored. Cyber-terrorism and hackers are still among the biggest threats for organisations in today’s digital environment.

Protecting corporate assets

The battle against cyber-crime has now become a government issue too. On 26th May we wrote about the latest announcement from the Indian Department of Information Technology on the new data privacy law released this spring. The law matters to any company that collects information on customers, which is, in practice, just about every organisation out there. The proposed regulations are likely to have a major impact on global enterprises doing business with Indian outsourcers. State regulations in India require companies to ensure private data stays private.

When outsourcing aspects of IT that touch data stores, companies have to be extra careful that the service providers they engage follow both the rules of this law and the exact policies of their shareholders and/or management. Failing to comply with this Act can cause disruption and, at worst, result in fines, a damaged reputation and even loss of revenue.

For more information on the new privacy rules in India, please read the full notification here.

If you would like to know what you need to do in order to comply with the new regulations, please visit our website, where you can purchase extremely useful pocket guides (e.g. An Introduction to Information Security and ISO 27001) and toolkits (e.g. No 4 ISO 27001 Complete ISMS Documentation Toolkit) on information security.

Some interesting facts…

  • Currently in India, firms are pursuing ISO 27001 certification, which will help them better manage information security risks and retain their customers’ confidence.
  • ISO 27001 is the highest available certification awarded by the International Standards Organisation and is adopted from the BS7799 standards of the British Standards Institute (BSI).
  • At present, very few IT and BPO organisations in India are ISO 27001 compliant. These include, for instance, Satyam Computers, Keane India, Cranes Software, Accenture, Aztecsoft, PSI Data Systems and Microland.

The answer you’re looking for is here…

Finally, our response to the question in the subject line is certainly: ‘Yes! – ISO all the way’. Protect your valuable assets before it’s too late.

If you’re still unsure how to become ISO 27001 certified and would like to speak to a member of our friendly customer service team, you can send us an e-mail or call us on +44 (0)845 070 1750, as the answer might be nearer than you think.