ISO 27001: 2005 (INFORMATION SECURITY AND MANAGEMENT SYSTEM)

Certification: ISO/IEC 27001:2005
Certification Name: Information Security Management System (ISMS)
Certificate Number: IS 530516
Certified on: November 29, 2007
Latest Issue: January 31, 2009
Expiry Date: November 28, 2010
Certifying Agency : British Standards Institution 

Scope of Certification
The management of information security that covers the provisioning of telecom carrier strategic outsourcing, process transitioning, transformation solutions, operations and related support functions, including the activities carried out in accordance with the Data Protection Act 1998 (UK), Belgian Law on Privacy Protection in relation to the processing of Personal Data, Directive 95/46 EC of the European Parliament and of the council of European Union on protection of individuals with regard to processing of personal data and on the free movement of such data for services being rendered from Operations Delivery Centre (ODC) and Shared Service Centre (SSC) at Tata Communications Transformation Services Limited (TCTS), Chennai, and Global Delivery Centre (GDC), TCTS, Pune, India

ISO 27001: 2005 (INFORMATION SECURITY AND MANAGEMENT SYSTEM)
ISO/IEC 27001 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC). The standard aims to protect organisational information assets and adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the ISMS.

ISO/IEC 27001 requires that management:

• Systematically examines the organization's information security risks, taking account of the threats, vulnerabilities and impacts;
   
• Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that it deems unacceptable. Controls required address key areas such as Asset Management, Human Resources, Communications and Operations, Physical and Environment, Access Control, and Business Continuity, amongst others.

• Adopts an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

Given the nature of its business, TCTS frequently has access to the information assets of its customers. Further, TCTS considers its own people and information assets as a source of competitive advantage. To address these imperatives, TCTS proactively obtained certification under this standard in November 2007 and has maintained it to the satisfaction of the Certifying Body till date.

TCTS has enhanced the scope of this certification to include compliance to the Data Protection Act 1998 (UK), Belgian Law on Privacy Protection, and Directive 95/46 EC of the European Parliament and of the Council of the European Union.