NSR, as an initiative of NASSCOM, has always ascribed prime importance to the information security of Knowledge Professionals' data. Since NSR became operational, various measures have been initiated and implemented to enhance and provide assurance of information security. To benchmark the practices and procedures adopted for NSR against global standards, NSR invited an audit and was certified to the ISO 27001 standard in March 2007.
The ISO 27001 standard is published by the International Organization for Standardization (ISO) to provide a model for setting up and managing an effective Information Security Management System (ISMS). It facilitates adoption of a process approach to maintaining and measuring the effectiveness of an implemented ISMS, which in turn supports continuous improvement.
ISO 27001 implementation necessarily encompasses the various areas of Security Management Control, namely Information Security Policy, Organization of Information Security, Asset Management (Classification and Control), HR Security, Physical & Environmental Security, Communications & Operations Management, Access Control, Systems Development & Maintenance, Information Security Incident Management, Business Continuity Management and Compliance (Legal / Regulatory etc.). The ISO 27001 standard comprises the 11 major domains listed above, with 39 control objectives and 133 controls specified by the standards body (ISO).