
Indian Government To Mandate ISO 27001


Last Updated on June 23, 2011

I’m surprised this piece of legislation has not gotten more press.

In February, the Ministry of Communications and Information Technology (MCIT) released the draft notification proposed under Section 43A of the ITA 2008.
Under Section 43A, the ITA (Information Technology Act) defines what “Sensitive Personal Information” is and the “Reasonable Security Practices” a company must follow to protect it.
The current wording of the ITA can easily be read as making ISO 27001 mandatory.


Clause 7 sub-rule 1 reads: “Any person, including a body corporate shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards which shall require a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected.”

Sub-rule 2 follows and defines an acceptable programme: “The International Standard IS/ISO/IEC 27001 on ‘Information Technology – Security Techniques – Information Security Management System – Requirements’ has been adopted by the country

While sub-rule 2 does allow for the use of an alternate ISMS that meets the requirements of sub-rule – this piece of legislation (if passed) will mandate that all Indian companies protect sensitive data via ISO 27001.

What will this mean?

  1. Is it a good time to be a registrar, ISO 27001 Consultant, or ISO 27001 Lead Auditor living in India?
  2. Will companies doing business with Indian companies that must demonstrate 27001 compliance be asked to demonstrate 27001 compliance themselves?
  3. Depending on how successful it is, will other governments follow suit?



One thought on “Indian Government To Mandate ISO 27001”

  1. Aditya Pal says:

    Are Indian e-commerce giants like Swiggy, Ola, UC complying with these standards? Further, what about MSME vendors or startups: how can they bear such a high cost of implementing ISO 27001 or similar standards? Is there any penalty charged by the government for not complying with such a provision?
