STQC operates third party ISMS certification scheme based on the ISO/IEC 27001 standard and offers ISMS Certification services since November 2001 to its valued clients in India and abroad.
The Certification Scheme is accredited by National Accreditation Board for Certification Bodies (NABCB), Quality Council of India, vide Accreditation no:ISMS003.
Scope
Authorised to certify any type of organization operating in any industrial, commercial or public sectors.
- Public demonstration
- Enhanced corporate image
- A positive response from potential customers
- Ensure management commitment
- Drives forward improvement process
- First internationally recognized certification body in the country for Information Security Management Systems.
- A team of competent ISMS lead auditors/auditors qualified as per international requirements.
- Government of India organization, able to act truly as an independent third party, with high degree and confidentiality and integrity.
- Able to offer services in a very cost effective, competent and credible manner with customer care as the focus.
- Member of the ISO Committee responsible for development of ISO/IEC 27001 standard.
Client profile
Client profile includes IT, ITeS, Banking/ Finance, Telecom, Healthcare, Automobiles, Manufacturing, Data Center, Public sector and Government organizations.
Documents required with Application form Client :
- Security Policy documents
- Statement of Applicability (SoA)
- Scope (in case a separate document on scope and boundaries exists)
Forms (downloads)
Contact US
Name and Designation | Address | Phone/Email/Fax |
---|---|---|
Atul Gupta, Scientist G |
STQC Directorate |
Phone: 011 - 24301372 Email: atulgupta AT stqc.gov.in Fax: 011 - 24363083 |
System And Software Audits:
1. Process Audit:
- Requirements Processes
- Development Processes
- Operational Processes
- Maintenance Processes
Audit of processes is done as per international standards/ Best practices such as ISO/IEC 12207, IEEE Software Engineering Standards, ISO 15504 (SPICE)
2. IT Infrastructure Audit:
Audit of critical IT Infrastructure deployed at Data Centre, Disaster Recovery Site, Network, Gateway, Front-Offices and Back Office locations is undertaken to verify that they are in compliance to Bill-of-Material and defined architecture. The audit also covers operationalization aspects of IT infrastructure:
- Hardware Configuration and Operationalization Audit
- Software Configuration and Operationalization Audit
- Deployed Solution Architecture and Operationalization Audit
- Gateway Audit
Support Services:
1. Support Services for Process:
Support services in setting up system & software processes like testing, configuration management, project planning etc. as per ISO/IEC 12207, IEEE Software Engineering Standards & Best Practices.
2. Support Services for Documentation:
Counselling services in development of system & software documentation such as Requirements Specification, User Manual, Plans & Reports etc.