ISO 27001: 2013 - Information Security Management System in Manufacturing Sector

Thanks to media publicity about information leakage at Facebook and Google, and the increasing use of online shopping from Amazon, Flipkart, etc., every single person knows what information security is and how important it is to keep data safe. Another important factor is the boom in the Indian IT sector over the past 20 years: almost one member in every family has got into IT jobs, thus increasing knowledge of information security.

Due to the dominance of IT business in India, people always associate information security with IT companies. Now we need to think beyond the IT sector and also think about information security in the non-IT sector, especially the manufacturing sector.

Similar to how software data is transferred from the US or Europe to Indian companies for software development (coding and testing), a large amount of data is being transferred to either MNC or Indian manufacturing and engineering companies for processing.

So what is being processed here? It is normally engineering designs, drawings, images, etc. This data contains important patent-protected information such as dimensions, materials used and item usage specifications. If this data is not protected, there could be either data theft or even data tampering. This could lead to huge losses for both the parent company and the manufacturing company in India, and can even lead to legal issues, creating problems for all stakeholders.

For the past 10 years, a huge amount of data has been outsourced from Western countries, and even from a country like Japan, to Indian manufacturing companies for engineering work. Hence it becomes extremely important to secure all data to the fullest possible extent.

There is another aspect: over the past few years, India has made great strides in manufacturing, and we have many prestigious companies manufacturing everything from kitchen appliances, cars and ships to rockets and satellites. Indian companies have come a long way in designing and manufacturing. Any loss of information that has been generated in-house would result in loss of brand image and competition issues.

The role of ISO 27001 is to keep company information and assets secure. The ISO 27001:2013 standard ensures a systematic approach to the protection of data and assets.

For a practical view of how ISO 27001:2013 is used, let us look at the example of a leading CNC machine tools manufacturing company. Its machines are built to customer specifications. The basic manufacturing process involves combining mechanical items with the controllers. The controllers contain the computer boards, power supplies, and other electronic circuitry to operate the machine.

This company has invested crores of rupees in in-house development of its products, so we know how important this data is for the company. There are many departments within this company, such as design, manufacturing, human resources, IT, finance, admin/physical security and maintenance. We must remember that all departments depend on each other for the growth of the company and that each department produces a lot of information.

First of all, a number of procedures are written on how departmental data needs to be protected. Once a procedure is formalized and implemented, it is the duty of the data owner to ensure he or she follows the procedure, thereby keeping the data secure. Under ISO 27001:2013, all employees of the company have to show commitment to data security, and this is monitored by a central authority. This systematic approach has ensured that the data is kept secure, and even if there is a security incident, it becomes easier to investigate, which reduces the loss to the company. As we can see from this particular example, ISO 27001:2013 is very important for manufacturing companies in the medium and large sector.

The types of manufacturing companies suitable for ISO 27001 certification are as follows:

  • Medium and large companies
  • Companies that have sensitive information or manufacturing data
  • Publicly listed companies
  • Companies that do in-house designing
  • Companies taking part in tendering processes
  • Companies located in areas prone to floods and seismic activity

TUV India, with its pool of expert and qualified ISO 27001 auditors, will be happy to support the manufacturing industry and the IT industry with ISO 27001 certification and training.

About The Author

P Srivatsa

Senior Lead Auditor - IT
TUV India Pvt Ltd