Information Security Group

Company Certifications

At Tech Mahindra we take pride in holding the best security and privacy certifications. Our certifications cover the entire enterprise and, where required, select accounts.

| Certification | Certification / Assessment body | Description | Coverage (Locations) | Validity |
|---|---|---|---|---|
| ISO 27001 | TUV Nord CERT GmbH | ISO 27001, formally known as ISO/IEC 27001:2013, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS). | Global | Valid from 30.03.2022, valid until 29.03.2025 |
| ISO 27701 | TUV Nord CERT GmbH | ISO 27701, also abbreviated as PIMS (Privacy Information Management System), outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems. | Global | Valid from 30.03.2022, valid until 29.03.2025 |
| ISO 22301 | TUV Nord CERT GmbH | ISO 22301 is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents. | Global | Valid from 30.03.2022, valid until 29.03.2025 |
| SOC 2 Type 2 / ISAE 3000 | KPMG | A SOC 2 Report is a report on controls at a Service Organization relevant to the Trust Service Categories: Security, Availability, Processing Integrity, Confidentiality and Privacy of systems and infrastructure. ISAE 3000 is the reporting standard for the SOC 2 report. | Global | (Period) 1 October 2022 to 30 September 2023 |
| SOC 1 Type 2 / International Standard on Assurance Engagements No. 3402 (ISAE 3402) / SSAE 16 | KPMG / Deloitte | A SOC 1 Report is a report on controls at a Service Organization which are relevant to user entities' internal control over financial reporting. International Standard on Assurance Engagements (ISAE) 3402, the attestation standard issued by the International Auditing and Assurance Standards Board (IAASB), is the reporting standard for the SOC 1 report. | Account Specific | Annual |
| PCI-DSS | Panacea / PCI (Payment Card Industry) Standards Council | Certification for entities that store, process or transmit cardholder data, utilizing the PCI Data Security Standards (DSS) as the assessment framework. | Account / Processes Specific | Annual |
| Cyber Essentials Plus | ProCheckUp | Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). Cyber Essentials includes an assurance framework and a set of security controls to protect information from threats coming from the internet. | Account Specific | Valid from 2023-05-18, valid until 2024-05-18 |

Assessments

| Certification | Certification / Assessment body | Description | Coverage (Locations) |
|---|---|---|---|
| Privacy Audit | EY | Assessment of privacy controls based on data privacy requirements, primarily based on GDPR. | Global |
| NIST Cyber Security 800-53 | EY | Assessment based on controls mentioned in the NIST 800-53 standard. | Global |
| TISAX - Level 3 | DEKRA | TISAX® (Trusted Information Security Assessment Exchange) is a testing and exchange standard based on the VDA ISA questionnaire, which in turn is derived from the ISO 27001 standard. | Bengaluru, Hyderabad, Pune, Düsseldorf |

For any queries, write to: ISGAssuranceLeads@TechMahindra.com