March 2010: Successful ISO/IEC 27001 Certification
NII Consulting (Network Intelligence (India) Pvt. Ltd.) is the first information security consulting company in India to be awarded the ISO /IEC 27001 certification. ISO/IEC 27001 is an Information Security standard which requires creating, managing and maintaining a robust information security management system.
We have successfully implemented an information security management system across all our internal processes and consulting services for the Mumbai operations. This certification re-affirms the adoption of proven security policies and procedures as part of the information security management system. It also ensures the protection of assets, management of risks and security of all information related to the company, clients, and partners.
Certificate No: 8280ISM001
Our Information Security Management System complies with requirements of ISO/IEC 27001:2005 for the following scope.
Information Security Management System covering all information assets used for providing information security management advisory services, vulnerability assessment services, penetration testing services, training services, computer forensics services, internal security audits and support services from its centre at Mumbai - 204, Ecospace, Off Old Nagardas Road, Andheri East and logically boundary extending up to Router connecting to external Radio Frequency / Microwave Connection. This includes the operation of communication to support the LAN and WAN terminating at the environment at Ecospace Mumbai.This is in accordance declared within the Statement of Applicability (Version 6.0).
The certifying body: ISOQAR is an accredited certification body who are authorised to audit organizations and issue certificates against a variety of management systems (including ISO 9001, ISO 14001, OHSAS 18001 and ISO 27001).
Domains covered in the certification process: The ISO 27001 standard outlines 11 domains within which security controls have been identified. These controls are implemented as applicable to the organization. These domains are:
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resource Security
- Physical and Environmental Security
- Communications and Operations and Management
- Access Control
- Information Systems Acquisition, Development, and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance (for legal and regulatory requirements)