Connect With Us
Connect With Us

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is an international standard for the Information Security Management System (ISMS) best practices that provides a general overview of what should be conducted by an organization or enterprise in an effort to implement the concept of information security. This specifies the requirements for establishing, implementing, operating, monitoring and continually improving ISMS for any entity irrespective of its size.



Why is ISO/IEC 27001: 2013 required?

The standard regulates some of ISMS implementation process as follows:

  • All activities should be in accordance with the purpose and process of information security that are clearly defined and documented in policies or procedures.
  • Existence of processes to verify all information security system elements through audit and reviews to ensure continuous improvement.
  • All security measurements that being used in the ISMS as outcome of risk analysis should be implemented to eliminate or reduce the level of risks at an acceptable levels.
  • Provide security controls that can be used by the organization during the implementation based on specific needs.


DescriptionNo. of Controls
Context of the organization8
Performance evaluation29
Total Management Controls148
Management direction for information security2
Organization of information security7
Human resource security6
Asset Management10
Access control13
Physical and environmental security15
Operation Security14
Communications Security7
System acquisition, development and maintenance13
Supplier relationships5
Information security incident management7
Information security aspects of business continuity management4
Total Operational Controls113
Total Control Points261

Is Tata Communications ISO/IEC 27001: 2013 certified?

Tata Communications has achieved ISO/IEC 27001: 2013 certification of Information Security Management System (ISMS) covering our infrastructure, data centres, and services. These standards will be valuable to customers, who can now benefit from enhanced quality and information security standards.



TCL- ISO/IEC 20000-1:2011 & TCL- ISO/IEC 27001: 2013 in-scope services:

Information Security Management System for service delivery and support operation of:

  • Data centre services
  • Managed hosting services
  • Managed security services
  • Managed cloud services
  • Cloud security service
  • Security consulting services
  • Manages storage and backup services


Managed Hosting ServicesIn-Scope services
Operating SystemMicrosoft windows, RHEL, OEL, Solaris, IBM‐AIX, SUSE Linux, Debian Linux, Ubuntu Linux, Cent OS, Fedora
NetworkVPN Gateway, Load balancer, switches, router
Storage/ BackupShared and dedicated models, SAN, NAS and FC /iSCSI
DatabaseOracle, MS-SQL, DB2 or MySQL database administration
MiddlewareMiddleware service is offered on applications including JBOSS; TOMCAT; Apache; WebLogic; WebSphere
Load BalancerStatic, Dynamic, Persistent: Radware, Citrix, SLB and GSLB, mSLB and mSLB with SSL off‐load
SecuritySIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth


IZO Private CloudIn-Scope services
ComputeCloud services, Virtual Services, Auto Scaling
NetworkVPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV
Storage/BackupBlock, File and ICS (Object) backup
Scheduled data backup and data restoration
DatabaseManaged Oracle, MS-SQL, DB2 or MySQL database administration
MiddlewareManaged Middleware service is offered on applications including JBOSS; TOMCAT; Apache
Application maintenance
HypervisorVMware, Hyper-V and KVM
Load balancerStatic, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance
SecuritySIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth


Review all of our global compliance programs

Contact us

Contact us to learn how we can help you unleash collaboration, creativity, and commercial innovation.

Home Cloud & Data Centres Compliance

ISO/IEC 27001:2013