Naavi and Ujvala Consultants Pvt Ltd have been using the framework titled IISF-309 (Indian Information Security Framework 309) as the framework for conducting ITA 2008 compliance audits.
This framework recognized the following risk domains
Under this framework, Data Privacy Risk was focussed on compliance with Sections 43A, 72A, 43 and 66. Now PDPB 2019 (to be called DPA 2022 when passed) would replace Section 43A. Additionally, it would be necessary for all organizations to report breaches of non-personal data as well to the Data Protection Authority to be created under PDPB 2019. Organizations may also need to keep track of “Anonymized personal data”, which may be part of the information whose sharing the Government may direct in certain circumstances.
However, for an organization engaged in processing of data, it will be necessary to be compliant with both ITA 2000 and PDPB 2019/DPA 2022.
We have gone into the details of PDPB 2019 and created a Data Trust Score System that tries to measure and represent the effectiveness of compliance with PDPB 2019/DPA 2022.
Since we already had the framework IISF-309 for compliance with ITA 2008, it has now been upgraded into DPCSI-ITA 2000 as an extension of DPCSI, just as DPCSI-GDPR is an extension of DPCSI for compliance with GDPR.
DPCSI-ITA 2000, which is the new avatar of IISF-309, will have 40 implementation specifications similar to the 50 Model Implementation Specifications of DPCSI. These 40 implementation specifications have been carved out of the DPCSI Model Implementation Specifications and tuned to meet the risks under ITA 2000/8.
Since we also have a DTS system geared to measure the implementation effectiveness of Personal Data Protection under PDPB 2019, which is also capable of being adapted to the implementation of GDPR compliance, a similar system would be extended to measure compliance with ITA 2000/8 based on the 40 implementation specifications presently identified.
Watch out for more information on the DTS tools for GDPR compliance and ITA 2008 compliance to be made public soon.