Case Study
ISO 27001 main standard supporting Indian Government legislation for organisations handling sensitive or personal information
In a 2011 Notification as part of the Information Technology Act 2000, the Indian Ministry of Communications and Technology cites ISO 27001 as one of the means by which organisations ‘shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business.’