ISO/IEC 27001:2013
ISO/IEC 27001:2013 is an international standard for the Information Security Management System (ISMS) best practices that provides a general overview of what should be conducted by an organization or enterprise in an effort to implement the concept of information security. This specifies the requirements for establishing, implementing, operating, monitoring and continually improving ISMS for any entity irrespective of its size.
Why is ISO/IEC 27001: 2013 required?
The standard regulates some of ISMS implementation process as follows:
- All activities should be in accordance with the purpose and process of information security that are clearly defined and documented in policies or procedures.
- Existence of processes to verify all information security system elements through audit and reviews to ensure continuous improvement.
- All security measurements that being used in the ISMS as outcome of risk analysis should be implemented to eliminate or reduce the level of risks at an acceptable levels.
- Provide security controls that can be used by the organization during the implementation based on specific needs.
| Description | No. of Controls |
| Context of the organization | 8 |
| Leadership | 19 |
| Planning | 39 |
| Support | 28 |
| Operation | 9 |
| Performance evaluation | 29 |
| Improvement | 16 |
| Total Management Controls | 148 |
| Management direction for information security | 2 |
| Organization of information security | 7 |
| Human resource security | 6 |
| Asset Management | 10 |
| Access control | 13 |
| Cryptography | 2 |
| Physical and environmental security | 15 |
| Operation Security | 14 |
| Communications Security | 7 |
| System acquisition, development and maintenance | 13 |
| Supplier relationships | 5 |
| Information security incident management | 7 |
| Information security aspects of business continuity management | 4 |
| Compliance | 8 |
| Total Operational Controls | 113 |
| Total Control Points | 261 |
Is Tata Communications ISO/IEC 27001: 2013 certified?
Tata Communications has achieved ISO/IEC 27001: 2013 certification of Information Security Management System (ISMS) covering our infrastructure, data centres, and services. These standards will be valuable to customers, who can now benefit from enhanced quality and information security standards.
TCL- ISO/IEC 20000-1:2011 & TCL- ISO/IEC 27001: 2013 in-scope services:
Information Security Management System for service delivery and support operation of:
- Data centre services
- Managed hosting services
- Managed security services
- Managed cloud services
- Cloud security service
- Security consulting services
- Manages storage and backup services
| Managed Hosting Services | In-Scope services |
| Operating System | Microsoft windows, RHEL, OEL, Solaris, IBM‐AIX, SUSE Linux, Debian Linux, Ubuntu Linux, Cent OS, Fedora |
| Network | VPN Gateway, Load balancer, switches, router |
| Storage/ Backup | Shared and dedicated models, SAN, NAS and FC /iSCSI |
| Database | Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Middleware service is offered on applications including JBOSS; TOMCAT; Apache; WebLogic; WebSphere |
| Load Balancer | Static, Dynamic, Persistent: Radware, Citrix, SLB and GSLB, mSLB and mSLB with SSL off‐load |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
| Tata Communications Vayu Cloud | In-Scope services |
| Compute | Cloud services, Virtual Services, Auto Scaling |
| Network | VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV |
| Storage/Backup | Block, File and ICS (Object) backup Scheduled data backup and data restoration |
| Database | Managed Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Managed Middleware service is offered on applications including JBOSS; TOMCAT; Apache Application maintenance |
| Hypervisor | VMware, Hyper-V and KVM |
| Load balancer | Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
ABOUT ISO/IEC 27001:2013
Other certifications
We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.
What’s next?
Experience our solutions
Engage with interactive demos, insightful surveys, and calculators to uncover how our solutions fit your needs.
Exclusively for You
Stay updated on our Cloud Fabric and other platforms and solutions.