ISO/IEC 27001:2013
ISO/IEC 27001:2013 is an international standard for the Information Security Management System (ISMS) best practices that provides a general overview of what should be conducted by an organization or enterprise in an effort to implement the concept of information security. This specifies the requirements for establishing, implementing, operating, monitoring and continually improving ISMS for any entity irrespective of its size.
Why is ISO/IEC 27001: 2013 required?
The standard regulates some of ISMS implementation process as follows:
- All activities should be in accordance with the purpose and process of information security that are clearly defined and documented in policies or procedures.
- Existence of processes to verify all information security system elements through audit and reviews to ensure continuous improvement.
- All security measurements that being used in the ISMS as outcome of risk analysis should be implemented to eliminate or reduce the level of risks at an acceptable levels.
- Provide security controls that can be used by the organization during the implementation based on specific needs.
| Description | No. of Controls |
| Context of the organization | 8 |
| Leadership | 19 |
| Planning | 39 |
| Support | 28 |
| Operation | 9 |
| Performance evaluation | 29 |
| Improvement | 16 |
| Total Management Controls | 148 |
| Management direction for information security | 2 |
| Organization of information security | 7 |
| Human resource security | 6 |
| Asset Management | 10 |
| Access control | 13 |
| Cryptography | 2 |
| Physical and environmental security | 15 |
| Operation Security | 14 |
| Communications Security | 7 |
| System acquisition, development and maintenance | 13 |
| Supplier relationships | 5 |
| Information security incident management | 7 |
| Information security aspects of business continuity management | 4 |
| Compliance | 8 |
| Total Operational Controls | 113 |
| Total Control Points | 261 |
Is Tata Communications ISO/IEC 27001: 2013 certified?
Tata Communications has achieved ISO/IEC 27001: 2013 certification of Information Security Management System (ISMS) covering our infrastructure, data centres, and services. These standards will be valuable to customers, who can now benefit from enhanced quality and information security standards.
TCL- ISO/IEC 20000-1:2011 & TCL- ISO/IEC 27001: 2013 in-scope services:
Information Security Management System for service delivery and support operation of:
- Data centre services
- Managed hosting services
- Managed security services
- Managed cloud services
- Cloud security service
- Security consulting services
- Manages storage and backup services
| Managed Hosting Services | In-Scope services |
| Operating System | Microsoft windows, RHEL, OEL, Solaris, IBM‐AIX, SUSE Linux, Debian Linux, Ubuntu Linux, Cent OS, Fedora |
| Network | VPN Gateway, Load balancer, switches, router |
| Storage/ Backup | Shared and dedicated models, SAN, NAS and FC /iSCSI |
| Database | Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Middleware service is offered on applications including JBOSS; TOMCAT; Apache; WebLogic; WebSphere |
| Load Balancer | Static, Dynamic, Persistent: Radware, Citrix, SLB and GSLB, mSLB and mSLB with SSL off‐load |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
| Tata Communications Vayu Cloud | In-Scope services |
| Compute | Cloud services, Virtual Services, Auto Scaling |
| Network | VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV |
| Storage/Backup | Block, File and ICS (Object) backup Scheduled data backup and data restoration |
| Database | Managed Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Managed Middleware service is offered on applications including JBOSS; TOMCAT; Apache Application maintenance |
| Hypervisor | VMware, Hyper-V and KVM |
| Load balancer | Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
ABOUT ISO/IEC 27001:2013
Other certifications
We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.
Frequently asked questions
What is the purpose of ISO/IEC 27001:2013?
The ISO/IEC 27001:2013 standard provides a global framework for managing information security risks. Its purpose is to ensure organisations establish, maintain, and continually improve an effective Information Security Management System (ISMS). It helps protect data confidentiality, integrity, and availability through structured controls, risk assessments, policies, and security best practices.
Can Tata Communications’ ISO/IEC 27001-certified services help businesses meet global data protection regulations?
Yes. Tata Communications’ ISO/IEC 27001:2013 certified services support businesses in meeting global security and privacy requirements. By following the ISO/IEC 27001:2013 information security management system, we help organisations strengthen compliance with regulations such as GDPR, HIPAA, and industry frameworks, ensuring secure cloud operations and reduced data protection risks.
What is ISO/IEC 27001:2013 certification, and why is it important for cloud services?
ISO/IEC 27001:2013 certification demonstrates that an organisation has implemented a rigorous, audited ISMS aligned with global best practices. For cloud services, it ensures that infrastructure, data centres, and operations follow strong security controls. This builds customer trust, reduces risk, and ensures cloud environments are protected against threats and vulnerabilities.
How does an Information Security Management System (ISMS) support data protection in the cloud?
An ISO/IEC 27001:2013 information security management system supports cloud data protection through defined policies, risk assessments, encryption controls, secure operations, supplier management, and incident response processes. It ensures that cloud environments are monitored, audited, and continuously improved, helping organisations maintain strong, consistent protection across all hosted data and services.
How does Tata Communications’ ISMS support enterprise information security and compliance?
Tata Communications’ ISMS, aligned with the ISO/IEC 27001:2013 standard, covers data centres, managed hosting, cloud services, and security operations. It ensures strict access control, monitoring, encryption, physical safeguards, and incident management. This framework helps enterprises maintain robust security, meet compliance obligations, and operate confidently in regulated environments.
What benefits do clients gain from Tata Communications’ ISO/IEC 27001:2013-certified cloud services?
Clients benefit from enhanced trust, strong data protection, and globally recognised security practices. With iso 27001 2013 controls applied across cloud, hosting, and security services, they gain resilience against threats, consistent compliance readiness, and secure infrastructure management. Our ISO/IEC 27001:2013 certified services ensure reliable, compliant, and highly secure cloud operations.
What’s next?
Experience our solutions
Engage with interactive demos, insightful surveys, and calculators to uncover how our solutions fit your needs.
Exclusively for You
Stay updated on our Cloud Fabric and other platforms and solutions.
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.