The Government of India recognizes this and, by amending the IT Act 2000 in 2008 to introduce a new Section 43A and by framing the IT (Reasonable Security Practices & Procedures and Sensitive Personal Data & Information) Rules 2011, has mandated an annual audit or certificate of a body corporate's Security Practices & Standards as compliance with Reasonable Security Practices & Procedures for protecting Sensitive Personal Data & Information held in a computer resource the organization owns, controls and operates.
Explanation: For the purposes of this section,
(1) "Body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;
(2) "Reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. [The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011]
(3) "Sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. Sensitive Data or Information of a person means information relating to:
ii) Financial Information such as Bank Account or credit card or debit card or other payment instrument details;
iii) Physical, physiological and mental health condition;
iv) Sexual Orientation;
v) Medical records and history;
vi) Biometric Information;
vii) Any detail relating to the above clauses;
viii) Any of the information received under the above clauses.
[Ref.: Rule 3 of the IT (RSPPSPDI) Rules, 2011]
Further to this, an IT audit is required to establish the adequacy of the reasonable security practices and procedures (as per the CERT-In guidelines, which are mandated by the Ministry of Communication and IT). During the audit, the existing security policy and controls are reviewed for adequacy against standards such as ISO 27001 and COBIT.
Dr CBS Cyber Security Services LLP is capable of conducting IT Security Audit and Assurance as per the requirements of CERT-In. We specialize in the various parameters of IT audits enumerated by CERT-In, including network mapping, vulnerability assessment/exploitation, penetration testing, review and assessment of security policies and controls against best practices, application security assessment, log review, incident response and forensic auditing, and malware/backdoor detection.
Your privacy is our priority. If you are the victim of any kind of cybercrime, or are part of one, feel free to discuss it with us at email@example.com or call +91 8829 077 770 / +91 9783 380 412 (P.P. Mr. Satyendra Singh). Our team is ready to help you 24x7.