Welcome!

News Feed Item

ISACA Releases Guidance on Securing Sensitive Personal Data

ISACA, a non-profit global association of more than 100,000 IT audit, security, risk and governance professionals, today released a guide to help Indian enterprises secure sensitive data and comply with India’s IT Act. Titled Securing Sensitive Personal Data or Information Under India’s IT Act Using COBIT 5, the book will educate business and IT leaders and other key stakeholders on the importance of securing sensitive personal data or information (SPDI) as required by India’s Information Technology Amendment Act, 2008. The guide is freely available in ISACA’s Knowledge Center at www.isaca.org/spdi.

The book provides a structured approach to comply with the Indian IT Act by using the COBIT 5 framework, the only business framework for the governance and management of enterprise information technology. It helps business leaders understand how to secure SPDI from risk mitigation, operational and implementation perspectives. Additionally, the book provides guidance to map the enterprise’s stakeholders with their specific needs on securing SPDI, using COBIT 5.

Commenting on the launch of the guide, Mr. Avinash Kadam, CISA, CISM, CGEIT, CRISC, advisor to ISACA’s India Task Force, said, “This guidance will surely act as a convenient code of good practices and guide for decision makers in enterprises to meet the requirements of Indian IT Act provisions on Sensitive Personal Data Protection.

“In today’s world, SPDI is used in every aspect of a business. It is used by very small organisations as well as very large enterprises. Securing SPDI cannot be done in isolation; the entire enterprise needs to be involved. The approach should be holistic as well as customisable to suit the size and nature of the business of the organisation, and COBIT 5 helps enable that.”

The Indian IT Act has a specific category, “sensitive personal data or information,” which consists of password, financial information (including bank account, credit card, debit card or other payment details), physical, physiological and mental health conditions, sexual orientation, medical records, and biometric information. This category in the Indian IT Act legally obligates all stakeholders (i.e., any individual or organisation that collects, processes, transmits, transfers, stores or deals with sensitive personal data) to adhere to its requirements. Some of the largest stakeholders could include owners of websites, banks, insurance companies, financial institutions, hospitals, educational institutions, service providers, travel agents, payment gateway providers and social media platforms, among many other entities.

According to India’s IT Act, the accountability for SPDI is with the governing body, which could be the chairman, board of directors, owner, proprietor, partner, head of an association or head of an institute.

The book discusses how COBIT 5 can help an enterprise meet the requirements of the IT Act by providing appropriate governance and management guidance and direction for securing SPDI, thus, also achieving the enterprise governance objective of risk optimization. It equips enterprises in India to govern and manage IT in a holistic manner, using the full, end-to-end business and IT functional areas of responsibility, and considering the IT-related interests of internal and external stakeholders.

ISACA also offers resources for Indian enterprises in its Knowledge Center. The India topic (www.isaca.org/topic-india) includes links, resources and discussions for IT and business professionals in India.

Additional information on Securing Sensitive Personal Data or Information Under India’s IT Act Using COBIT 5 is available at www.isaca.org/spdi.

About ISACA

With 100,000 members in 180 countries, including more than 6,000 members in India, ISACA® (www.isaca.org) is a global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA advances and attests IT skills and knowledge through the Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA also continually updates and expands the practical guidance and product family based on the COBIT® framework.

Follow ISACA on Twitter: https://twitter.com/ISACANews

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In recent years, containers have taken the world by storm. Companies of all sizes and industries have realized the massive benefits of containers, such as unprecedented mobility, higher hardware utilization, and increased flexibility and agility; however, many containers today are non-persistent. Containers without persistence miss out on many benefits, and in many cases simply pass the responsibility of persistence onto other infrastructure, adding additional complexity.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Pentaho has announced orchestration capabilities that streamline the entire machine learning workflow and enable teams of data scientists, engineers and analysts to train, tune, test and deploy predictive models. Pentaho’s Data Integration and analytics platform ends the ‘gridlock’ associated with machine learning by enabling smooth team collaboration, maximizing limited data science resources and putting predictive models to work on big data faster – regardless of use case, industry, or languag...