Case Study: Ensuring Information Security with ISO 27001
R.S. Software (India) Ltd. is a global leader in the electronic payments industry.
This global leadership has been achieved through their deep engagements in their clients’ business space, backed by strong Application Management principles.
Since its inception in 1991, RS has built a world-class organization by benchmarking its customer processes against stringent global standards in the areas of People Management and Process Architecture. To add value to its products and services, RS has continually improved its processes to raise product and service quality in line with customers’ expectations.
Building the Information Security Management System
ISO/IEC 27001:2005, Information technology - Security techniques - Information security management systems - Requirements, specifies a management systems approach to the implementation of information security controls. It provides a framework for implementing an Information Security Management System (ISMS) that can safeguard information assets while making the process easier to manage, measure, and improve.
RS’s key driver for seeking ISO 27001 registration was twofold: key clients required and expected RS to demonstrate that it had a robust ISMS in place, and the company itself wanted assurance that all risks and vulnerabilities had been properly addressed.
Most organizations have a number of information security controls. However, without an ISMS, the controls tend to be somewhat disorganized and disjointed - often implemented as ad-hoc solutions to specific situations, or simply as a matter of convention.
Before RS implemented ISO 27001, its security controls addressed only certain aspects of IT or data security, leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected. After a gap analysis to help identify, manage, and minimize the range of threats to which information is regularly exposed, RS successfully implemented 132 of the 133 controls required by ISO 27001.
“With the implementation of the ISMS and ISO 27001 certification by Intertek, we know that both our IT and non-IT assets are properly taken care of,” commented Aniruddha Rai Chaudhuri, General Manager, Quality & Benchmarking at RS. “Business continuity planning and physical security, for example, have been beefed up with the implementation of the ISMS.”
Working with Intertek
“An excellent organization, the people involved are very knowledgeable and cooperative,” said Mr. Rai Chaudhuri. “RS and Intertek always put their heads together in every process improvement initiative. There is a high level of mutual respect and trust. We always find something interesting and unique, and moreover, we maintain a good relationship.”