{"id":16270,"date":"2020-09-27T11:47:49","date_gmt":"2020-09-27T11:47:49","guid":{"rendered":"https:\/\/www.osscertification.comblog\/?p=16270"},"modified":"2023-03-13T09:01:52","modified_gmt":"2023-03-13T03:31:52","slug":"iso-27001-certification-in-india","status":"publish","type":"post","link":"https:\/\/www.osscertification.com\/blog\/iso-27001-certification-in-india\/","title":{"rendered":"ISO 27001 Certification in India"},"content":{"rendered":"\r\n<h2><strong>The Objectives of ISO 27001: Information Security Management System, ISO 27001 Implementation, and ISO 27001 Certification<\/strong><\/h2>\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Confidentiality \u2013 Only authorized persons have the right to access information.<\/li>\r\n<li>Integrity \u2013 Only authorized persons can change the information.<\/li>\r\n<li>Availability \u2013 The information must be accessible to authorized persons whenever it is needed.<\/li>\r\n<li>Information is only accessible to authorized persons, whether from within or outside the company.<\/li>\r\n<li>The integrity of information is maintained through processes and controls.<\/li>\r\n<li>Only authorized persons are responsible for managing the information security policy and providing support.<\/li>\r\n<li>Breaches of information security and suspected weaknesses are reported and investigated.<\/li>\r\n<li>Business requirements for the availability of information and systems will be met.<\/li>\r\n<\/ul>\r\n\r\n<h2><strong><u>ISO 27001:2013 Certification \u2013 Information Security Management System<\/u><\/strong><\/h2>\r\n\r\n<p>An organization seeking <a href=\"https:\/\/www.osscertification.com\/iso-27001-certification\/\">ISO 27001 Certification<\/a> must follow the requirements set out in the ISO 27001 Information Security Management System standard. The organization adopts and implements the standard to demonstrate its ability to control information security, and it helps protect the organization&#8217;s data from internal and external theft.<\/p>\r\n\r\n<p>Once the organization has implemented an Information Security Management System (ISMS) with a view to obtaining ISO 27001 Certification, the entire organization is certified. Where information security performance is concerned, however, the organization may tailor the scope to improve performance at a particular facility or department within the organization (although it is not necessary to do so).<\/p>\r\n\r\n<p>Some key reference examples are given below as guidance for implementing an ISMS in an organization seeking ISO 27001 Certification in India.<\/p>\r\n\r\n<h3><strong><u>Guidelines for implementing the ISO 27001 standard before ISO 27001 certification<\/u><\/strong><\/h3>\r\n\r\n<p>This case study details the start-up and growth of an organization&#8217;s Information Security Program as it was implemented.<\/p>\r\n\r\n<h4><strong><u>Phase I: Risk Assessment<\/u><\/strong><\/h4>\r\n\r\n<p>This phase is mandatory in the Risk Management Process, as it serves as the foundation for the other phases. Performing the Risk Assessment helped ABC Organization identify weaknesses in its IT departments and enabled the management team to make decisions regarding the implementation of security controls.<\/p>\r\n\r\n<p>Risk Assessment promotes a consistent approach to measuring risks and allows stakeholders to place a value on potential losses.<\/p>\r\n\r\n<p><strong><u>There is a sequence of steps that must be carried out in order to complete this phase, including:<\/u><\/strong><\/p>\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Scope Definition<\/li>\r\n<li>Asset Identification<\/li>\r\n<li>Impact Assessment<\/li>\r\n<li>Risk Identification<\/li>\r\n<li>Control Identification<\/li>\r\n<\/ul>\r\n\r\n<h4><strong><u>Phase II: Information Security Planning<\/u><\/strong><\/h4>\r\n\r\n<p>The objective of the planning phase is to protect ABC Organization&#8217;s information in line with the legal and application requirements arising from the organization&#8217;s needs and expectations.<\/p>\r\n\r\n<p>Access control planning protects against unauthorized access to information and helps prevent loss of information. It is an important step because it addresses the risks identified in the Risk Assessment by reducing or avoiding them. This phase covers selecting the controls that address the security risks, and documenting and implementing those controls for the information system.<\/p>\r\n\r\n<p>The information security of an organization is an ongoing process. It should be implemented by the system owner or responsible person, i.e. the person who is also responsible for implementing the security controls in that system.<\/p>\r\n\r\n<h4><strong><u>Phase III: Security Testing &amp; Evaluation<\/u><\/strong><\/h4>\r\n\r\n<p>This phase tests the security controls and verifies that they have been implemented as documented in the planning phase. The aim is to ensure that all the security controls are implemented as per ISO 27001 and the SOA, and that the implementation is functioning properly, as expected and in accordance with the policies, objectives, standards, and documents. This phase is also conducted when new controls are added or changed during the system&#8217;s life cycle, to ensure that they perform effectively. It may be conducted by either an internal test team or an external party, depending on resource requirements.<\/p>\r\n\r\n<h4><strong><u>Benefits of Security Testing and Evaluation<\/u><\/strong><\/h4>\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Verification of the implementation of security controls.<\/li>\r\n<li>Assurance of the overall security performance of the security controls.<\/li>\r\n<\/ul>\r\n\r\n<h4><strong><u>Phase IV: ISO 27001 Certification<\/u><\/strong><\/h4>\r\n\r\n<p>The organization will get ISO 27001 Certification when the security controls have been successfully implemented and are working properly at an acceptable level.<\/p>\r\n\r\n<h3><strong><u>Benefits of ISO 27001 Certification<\/u><\/strong><\/h3>\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Compliance with legal requirements<\/li>\r\n<li>Competitive advantage<\/li>\r\n<li>Better organizational security control<\/li>\r\n<li>Protected information<\/li>\r\n<li>Ensured information<\/li>\r\n<li>Assessed risks and mitigated impact of a breach<\/li>\r\n<li>Increased reliability<\/li>\r\n<li>Improved customer satisfaction<\/li>\r\n<li>Improved management processes, integrated with corporate risk management<\/li>\r\n<\/ul>\r\n\r\n<h3><strong><u>Document requirements for ISO 27001 Certification<\/u><\/strong><\/h3>\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Context of the organization<\/li>\r\n<li>Statement of Applicability<\/li>\r\n<li>ISMS controls<\/li>\r\n<li>Risk assessment<\/li>\r\n<li>ISMS document control<\/li>\r\n<li>ISMS manual and procedures<\/li>\r\n<li>ISMS policy and its objectives<\/li>\r\n<li>Competency records<\/li>\r\n<li>Training records<\/li>\r\n<li>Records of design and development<\/li>\r\n<li>Record of changes<\/li>\r\n<li>Records of nonconformity<\/li>\r\n<li>Monitoring performance information<\/li>\r\n<li>Monitoring and measurement results<\/li>\r\n<li>CAPA procedure<\/li>\r\n<li>Business continuity procedure<\/li>\r\n<li>Record of training, skill, experience, and qualification<\/li>\r\n<li>Internal audit program<\/li>\r\n<li>Results of internal audit<\/li>\r\n<li>Result of corrective action<\/li>\r\n<\/ul>\r\n","protected":false},"excerpt":{"rendered":"<p>The Objective of ISO 27001 -Information Security Management System, ISO 27001 implementation, and ISO 27001 Certification Confidentiality \u2013 Only authorized persons have the right to access information Integrity \u2013 Only authorized persons can change the information Availability \u2013 The information must be accessible to authorized persons whenever it is needed. 
Information is only accessible to&hellip;&nbsp;<a href=\"https:\/\/www.osscertification.com\/blog\/iso-27001-certification-in-india\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">ISO 27001 Certification in India<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":16214,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"off","neve_meta_content_width":70,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[115],"tags":[30,21,22,53,23,31],"class_list":["post-16270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iso-27001-certification","tag-how-to-get-iso-27001-certification","tag-iso-27001-certification","tag-iso-27001-certification-benefits","tag-iso-27001-certification-in-hyderabad","tag-iso-27001-certification-in-india","tag-iso-27001-requirements"],"_links":{"self":[{"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/posts\/16270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/comments?post=16270"}],"version-history":[{"count":3,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/posts\/16270\/revisions"}],"predecessor-version":[{"id":20034,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/posts\/16270\/revisions\/20034"}],"wp:featuredmedia":[{"embeddable":true,"hre
f":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/media\/16214"}],"wp:attachment":[{"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/media?parent=16270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/categories?post=16270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.osscertification.com\/blog\/wp-json\/wp\/v2\/tags?post=16270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}