Information Security in India: A new approach to ISO 27001

Corporate data has become more exposed to malicious threats than ever in the last few years, amid global economic uncertainty and heightened terrorism.

International Case

The experiences of companies such as Sony and Marks & Spencer show that having sensitive data stolen by hackers can have company-destroying, and sometimes irreversible, consequences. Commentators have repeatedly pointed to the reputational damage and financial ramifications that follow when an organisation's security controls are shown to be ineffective or absent. In Sony's case, that observation is particularly pertinent.
The lesson is that hackers can obtain information from any company, large or small. The remedy is straightforward to state: implement, and maintain, a solid information security plan. Once valuable data is protected by appropriate controls, the likelihood of it being stolen is greatly reduced, although no plan eliminates the risk entirely.

Drivers for Security in India

External threats are not the only driver for security: globalisation and regulatory directives are another. International companies that outsource work to Indian firms, for instance, insist on security certification, or on adherence to the laws, standards and business practices prevalent in their own countries. It is no surprise that all the top software, IT-enabled services and BPO companies in India are achieving security certifications such as ISO 27001.

This information security standard is not new in this country. Back in 2009 India's largest mobile phone firm, Bharti Airtel, was awarded certification to the ISO/IEC 27001 Information Security Management Standard by the British Standards Institution (BSI) in India. For the company, information is a critical asset. Certification to ISO/IEC 27001 helps an organisation manage and protect its information assets by defining the requirements for an information security management system (ISMS), which in turn helps ensure that adequate and proportionate security controls are in place.
Further, on 11th April 2011 the Department of Information Technology in India's Ministry of Communications and Information Technology notified rules on reasonable security practices that tie legal compliance directly to ISO 27001:

The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection (…) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government. The audit of reasonable security practices and procedures shall be carried out by an auditor at least once a year or when the body corporate or a person on its behalf undertakes significant upgradation of its process and computer resource.

Help is at Hand

With our up-to-date Complete ISMS Documentation Toolkit you can accelerate your ISO 27001 project and develop an ISO 27001-compliant information security management system (ISMS). The package is supplied in PDF format and is easy to download from our website. It contains guidance, materials and tools that are in line with the advice given in Application Security in the ISO 27001 Environment.