GTS joins STQC to provide information security management

STQC (Standardisation, Training and Quality Certification) is a government of India-owned organisation, operating under the Ministry of Communication and Information Technology. It was set up in 1977 with the aim of improving the quality of Indian electronic and IT products and services.

GTS and STQC can now offer a suite of services for companies working towards implementing an Information Security Management System, in line with international standards such as B97799/ISO 7799.

ENOC Group Chief Executive Officer and Board Member, Hussain Sultan said: "Information Security Management Systems are the means by which senior management monitor and control their security, minimising the residual business risk and ensuring security to fulfil corporate, customer and legal requirements. This new partnership brings another area of greatly needed expertise to the GTS' portfolio."

The ISMS focus of GTS is to provide cost effective, competent and credible services. Highly qualified auditors will carry out Risk Assessment for any organisation, specifically looking at three basic components: Confidentiality - protecting sensitive information from unauthorised disclosure or intelligible interception; Integrity - safeguarding the accuracy and completeness of information and software and Availability - ensuring that information and vital services are available to users when required.

STQC acts as an accredited certification body, checking the Information Security Management System (ISMS) in an organisation against published ISMS standards.

"This is part of our commitment to a 'Quality and Information Security drive'. CMM and ISMS certifications are recognised best IT practices. As these are critical functions requiring specialised frameworks for introduction into any organisation, we take pride in bringing them to this region with the help of STQC," said Sultan.

Currently, GTS and STQC can provide independent third party ISMS certification; second party ISMS assessment (i.e. for suppliers and partners); readiness assessment in terms of risk assessment and gap analysis, and education and training services.

Training can be provided in IT security management, network security management, an overview and implementation training on the BS-7799, information security policies and procedures; business continuity planning and even a certified internal information security auditor course.

"Good information security practice enables the correct business information to be viewed and processed by the right people, to create and maintain an amicable atmosphere for any business to prosper," concluded Hussain Sultan.

ends