TATA
TATA

ISO/IEC 27001:2013 is an international standard for the Information Security Management System (ISMS) best practices that provides a general overview of what should be conducted by an organization or enterprise in an effort to implement the concept of information security. This specifies the requirements for establishing, implementing, operating, monitoring and continually improving ISMS for any entity irrespective of its size.

 

 

Why is ISO/IEC 27001: 2013 required?

The standard regulates some of ISMS implementation process as follows:

  • All activities should be in accordance with the purpose and process of information security that are clearly defined and documented in policies or procedures.
  • Existence of processes to verify all information security system elements through audit and reviews to ensure continuous improvement.
  • All security measurements that being used in the ISMS as outcome of risk analysis should be implemented to eliminate or reduce the level of risks at an acceptable levels.
  • Provide security controls that can be used by the organization during the implementation based on specific needs.

 

Description No. of Controls
Context of the organization 8
Leadership 19
Planning 39
Support 28
Operation 9
Performance evaluation 29
Improvement 16
Total Management Controls 148
Management direction for information security 2
Organization of information security 7
Human resource security 6
Asset Management 10
Access control 13
Cryptography 2
Physical and environmental security 15
Operation Security 14
Communications Security 7
System acquisition, development and maintenance 13
Supplier relationships 5
Information security incident management 7
Information security aspects of business continuity management 4
Compliance 8
Total Operational Controls 113
Total Control Points 261

 

 

Is Tata Communications ISO/IEC 27001: 2013 certified?

Tata Communications has achieved ISO/IEC 27001: 2013 certification of Information Security Management System (ISMS) covering our infrastructure, data centres, and services. These standards will be valuable to customers, who can now benefit from enhanced quality and information security standards.

 

TCL- ISO/IEC 20000-1:2011 & TCL- ISO/IEC 27001: 2013 in-scope services:

Information Security Management System for service delivery and support operation of:

  • Data centre services
  • Managed hosting services
  • Managed security services
  • Managed cloud services
  • Cloud security service
  • Security consulting services
  • Manages storage and backup services

 

Managed Hosting Services In-Scope services
Operating System Microsoft windows, RHEL, OEL, Solaris, IBM‐AIX, SUSE Linux, Debian Linux, Ubuntu Linux, Cent OS, Fedora
Network VPN Gateway, Load balancer, switches, router
Storage/ Backup Shared and dedicated models, SAN, NAS and FC /iSCSI
Database Oracle, MS-SQL, DB2 or MySQL database administration
Middleware Middleware service is offered on applications including JBOSS; TOMCAT; Apache; WebLogic; WebSphere
Load Balancer Static, Dynamic, Persistent: Radware, Citrix, SLB and GSLB, mSLB and mSLB with SSL off‐load
Security SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth

 

IZO Private Cloud In-Scope services
Compute Cloud services, Virtual Services, Auto Scaling
Network VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV
Storage/Backup Block, File and ICS (Object) backup
Scheduled data backup and data restoration
Database Managed Oracle, MS-SQL, DB2 or MySQL database administration
Middleware Managed Middleware service is offered on applications including JBOSS; TOMCAT; Apache
Application maintenance
Hypervisor VMware, Hyper-V and KVM
Load balancer Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance
Security SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth

 

Review all of our global compliance programs

ABOUT ISO/IEC 27001:2013
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

Contact us

Contact us to learn how we can help you unleash collaboration, creativity, and commercial innovation.

Contact Us

Other certifications

We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.

ISO/IEC 20000-1:2011
ISO/IEC 20000-9:2015
ISO/IEC 27017:2015
ISO/IEC 27018:2014
SOC1
SOC2
MTCS
CSA STAR
PCI DSS
HIPAA
GDPR
BDSG
MeitY
G-Cloud 10
Scroll To Top