tag:blogger.com,1999:blog-4045120317716354554.post5325085218688913955..comments2011-06-20T13:01:07.745+05:30Seclorehttp://www.blogger.com/profile/03723849538814822663noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4045120317716354554.post-53669551669859700422011-06-20T12:32:12.997+05:302011-06-20T12:32:12.997+05:30Hi Vipin,<br /><br />Rule 8 states that every entity to whom these &quot;Reasonable security practices and procedures and sensitive personal<br />data or information&quot; rules are applicable would be required to adopt reasonable security practices. Further, Rule 8(4) goes on to state that if a corporate has implemented ISO 27001, they would be deemed to have adopted these security practices (of course, subject to audit). Therefore, it makes sense to get a ISO27001 certification to ensure compliance.<br />- Shivangi NadkarniShivangi Nadkarnihttp://www.blogger.com/profile/06563251769212775712noreply@blogger.comtag:blogger.com,1999:blog-4045120317716354554.post-8339356462312414762011-06-16T16:26:48.553+05:302011-06-16T16:26:48.553+05:30Applying the same rule, can you also comment on rule 8 and its implementation? Is a body corporate specifically required to get IS/ISO/IEC 27001 or a similar comprehensive policy, which is approved by the central govt suffice? Would be much obliged if you could respond to vipings@yahoo.co.in<br /><br />Thanks<br />VipinAnonymousnoreply@blogger.com