It’s unusual to see India leading the way in Information Security Management, that is, dealing with cyber security threats in a structured, systematic way.
Rule 8(4) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 says: “The body corporate or a person on its behalf who have implemented either ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government.”
In effect, regular independent certification or audit against ISO/IEC 27001 (or one of the codes of best practice approved under sub-rule (3)) becomes the practical route to legal compliance for Indian organisations handling sensitive personal data: implementing the standard alone is not enough, since the deemed compliance only applies where the certification or audit is carried out by an auditor approved by the Central Government. With more organisations required to follow Information Security Management best practice, we may see a gradual, long-term improvement in the protection of personal data, in India and worldwide.