“If you reveal your secrets to the wind, you should not blame it for revealing them to the trees”
Kahlil Gibran, Lebanese-American poet and artist
But what if the wind promises to be a cost-effective and reliable outsourcer that can manage an organisation's sensitive data?
When it comes to handling sensitive corporate information, an organisation's concerns about data leakage are far from trivial.
Unfortunately, with security breaches making headlines globally, trusting an outsourcing provider's information security capabilities has become extremely difficult. A 2010 study by Deloitte found that only 23% of enterprises in India (and 32% globally) were comfortable with the information security practices of their outsourcers.
These figures shouldn’t be ignored.
New technologies top the list of companies' worries about the security of outsourced data. With cloud computing dominating today's enterprise IT landscape, CIOs remain wary of co-locating their data in the cloud. Another concern is the human factor: the employees who are the privileged users of corporate data.
Keeping up to date with international security and auditing standards helps companies protect their corporate assets more effectively.
Indian organisations are increasingly keeping abreast of international security and auditing standards (for example SAS 70, the Statement on Auditing Standards No. 70) over and above basic security certifications such as ISO 27001. Note that SAS 70 is an auditing standard rather than a certification: it provides guidance to service auditors performing assessments of a service organisation's internal controls, and the resulting report, not a certificate, is what a customer can ask an outsourcer to produce.
The case of ISO 27001
A few years ago, the ISO 27001 standard replaced BS 7799, against which over 2,500 organisations worldwide had been certified. Today ISO 27001 is no longer merely a choice: in nations such as India it is recognised in law as a way of demonstrating reasonable security practices, and more and more firms are certifying against it.
Under the new data privacy rules, Indian companies collecting data from individuals ("providers of information") are covered by the rules governing the collection and use of sensitive personal information. The rules state that "The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government". In practice this means that an ISO 27001 certificate on its own is not enough; the certification or audit must be performed regularly by an independent auditor approved by the Central Government.
Love information security – Love ISO 27001
Implementing a solid information security management system (ISMS) need not be daunting. The following tools are intended to help you get your ISMS project under way and achieve ISO 27001 certification: best practice reports, eBooks, pocket guides and toolkits.