Computer Emergency Response Team, India (CERT-In) has taken an unprecedented move in the wake of the need to integrate into the global effort to meet the IT Security Standards and Implementation. CERT-In has mandated the annual audit of IT systems and network for all government and “critical infrastructure” organizations - both public and private.

Not only would they be audited, but annual reports on compliance of security norms would have to be filed with the National Information Bureau through CERT-In. In the face of increasing cyber crimes, a National Security Compliance Assurance Framework is in the pipeline that would mandate implementation of security controls and reporting of breach of IT security incidents.

Government has finalized a team of 18 auditors to conduct the audits. The Government certified auditors are namely TCS, Sify, PricewaterhouseCoopers, Mahindra-British Telecom, Secure Synergy Pvt. Ltd., Network Security Solutions, amongst others. Also the list of to-be-empanelled auditors would be announced shortly for third party audits.

As per the security assurance initiative, the companies have to identify one person responsible for IT security. And, the IT self assessment tools, security products and parameters would be in consonance with Information Security Management System (ISMS) Standards like ISO 15408 (IT Security), IS 15150 (Indian equivalent of BS 7799-2) and BS7799 / ISO 17799 (Information Security Management).

These developments would definitely compliment the CERT-In’s mission to enhance the security of India's Communications and Information Infrastructure through proactive action and effective collaboration.

Click here for more information about CERT and its activities:
www.cert-in.org.in/news