ISO 27001 – are you compliant?

“If you reveal your secrets to the wind, you should not blame it for revealing them to the trees”

Kahlil Gibran, 19th century poet and artist

But what if the wind promises to be a cost-effective and reliable outsourcer who can manage an organisation’s sensitive data?

When it comes to handling sensitive corporate information, an organisation’s concerns regarding data leakage are not trivial.

Unfortunately, with security breaches making headlines globally, trusting an outsourcing provider’s information security capabilities is proving extremely difficult. A 2010 study carried out by Deloitte says that only 23% of enterprises in India (and 32% globally) were comfortable with the information security practices of their outsourcers.

These figures shouldn’t be ignored.

New technologies are at the top of companies’ worries when it comes to the security of outsourced data these days. With cloud computing ruling today’s enterprise IT structure, CIOs are still wary of data co-location on the cloud. Another concern is the human factor – employees who are the privileged users of corporate data.

Keeping up to date with international security and auditing standards helps companies protect their corporate assets more effectively.

Indian organisations today are increasingly keeping abreast of international security and auditing standards (i.e. Statement on Auditing Standards, SAS70) over and above their basic security certifications such as ISO 27001. This certification provides guidance to service auditors while performing internal controls assessments of a service organisation.

The case of ISO 27001

A few years ago, the ISO 27001 standard replaced BS7799, which had over 2,500 organisations worldwide certified against it. Today ISO 27001 is not only a choice but also law in nations such as India, with more and more firms certifying against it.

Under the new data privacy law, Indian companies collecting data from individuals (“providers of information”) will be covered by the new rules governing the collection and use of sensitive personal information. The law states that “The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government”.

Love information security – Love ISO 27001

Implementing a solid information security management system (ISMS) has never been easier. The following essential tools will help you boost your ISMS project and achieve ISO 27001 certification. Choose from a wide range of useful best practice reports, eBooks, pocket guides and toolkits today!


 


Templates and Toolkits

ISO27001 ISMS Toolkit

Our toolkits have been designed to meet all the requirements of the new ISO/IEC 27001:2005 standard for Information Security Management Systems. These toolkits are now in use in hundreds of organisations of all sizes all around the world.

Best Practice Reports


These Best Practice Reports give you the latest information and trends in key areas of IT governance and identify best practice for avoiding business, regulatory and brand damage.

eBooks

Information Security and ISO27001 books

Written by information security and ISO 27001 experts, our eBooks are your first source of information on carrying out effective ISMS projects, cyber security, cloud computing and much more!

Pocket Guides

Information Security and ISO27001 pocket guides

These short, handy pocket guides are written by subject matter experts and cover specific IT governance, regulatory compliance, information security and business continuity subjects (amongst others). This category enables you to quickly find a pocket guide that provides the information you need.

Don’t procrastinate – get certified this year!