 |
|
Approval to Posco SEZ in Orissa
MORE
[+]
|
|
| |
|
| |
05. INFOTECH |
| |
 |
| |
Indian IT BPO
Industry – an Overview of Information Security Practices and
Standards |
| |
|
| |
 |
|
Information Security is
emerging as the greatest challenge facing countries, companies
and individuals in the global networked economy. Recent incidents
of call centre data theft in India have been much publicised.
Few other countries are subject to the same level of scrutiny,
but what are the facts? Problems related to data security are
not limited to any one country. Research conducted in 2005 found
that there were more security breaches in UK and the US than
in India. In the past 18 months, according to reports by privacy
watch-groups, the incidents of identity theft in the US alone
have been 148 and affected nearly 94 million identities. In
the UK, the Home Office estimates that identity thefts result
in losses of over a billion pounds, and a quarter of all UK
citizens have either been affected by ID theft or know someone
who has been. |
|
| |
|
| |
Security
breaches
The reality is that India is at least as safe (and in
many cases safer) than most other countries when it comes
to Information Security. NASSCOM has been playing a very
proactive role in ensuring that the Indian Information
Security environment benchmarks with the best across the
globe. The association has been working closely with both
the IT and ITES-BPO industries to create an Information
Security culture within these segments. NASSCOM has also
been interacting with the Indian Government on the issue
of creating a robust regulatory environment that will
further strengthen information security initiatives being
rolled out within IT and ITES-BPO organizations. A “secure”
environment—defined by strong copyright, IT and cyber
laws—is an imperative for the growth and future success
of the IT and ITES-BPO industries, and NASSCOM has been
working with the Indian government to achieve this goal.
NASSCOM has taken a holistic view of Information Security
through its ‘Trusted Sourcing’ initiative to
strengthen the regulatory framework and further improve
India’s attractiveness as an outsourcing destination.
The ‘Trusted Sourcing’ initiative is targeted
at employees, organizations, enforcement agencies and
policy amendment and is in various stages of implementation.
Some milestones achieved are:
• National Skills Registry
- 24 companies accounting for 30% of industry’s total
workforce have already registered
- Additionally 25,000 employees are registered
• Self Regulatory Organization in final rollout stage
• Trusted Sourcing Initiative, 4E framework charts
progress
• Indian IT ACT amendments underway
• Discussions underway on creation of a new international
security standard
National Skills Registry
(NSR)
Launched in January 2006, NSR has achieved a significant
milestone. As on date, 25000 employees and 24 companies
accounting for approximately 30% of industry’s total
workforce have registered. NSR, a centralized database
of employees of the IT services and BPO companies, was
launched as a step to ensure that there is a verified
database (with independent background checks) of the human
resources within the Industry. This is the first such
registry of its kind in the global IT BPO industry.
|
|
Self
Regulatory Organisation (SRO)
SRO is an independent self-regulatory body that will establish,
monitor, and enforce privacy and data protection standards
for India’s IT BPO Industry. The SRO has already
completed its initial round of funding and the final rollout
phase including industry memberships is underway. The
SRO will commence operations in the next 3-6 months. It
has already received the approval and backing of the NASSCOM
Executive Council. SRO, the only organization of its kind
in the IT BPO industry globally, will raise the bar on
Information Security practices among Indian organizations
and help India differentiate itself.
Cyber Labs and Cyber Crime
Training
As part of the Trusted Sourcing Initiative, NASSCOM has
been working very closely with Indian law enforcement
organizations. NASSCOM has set-up cyber training labs
in Mumbai and Thane for training police officers in cyber
crime investigation. Similar Cyber Labs are being planned
Pune (in Oct 06) and Bangalore (Nov 06) and after that
in Delhi, Hyderabad and Kolkata
as on date, approximately 1800 police officers have been
trained
helped Mumbai Police launch a toll free infoline with
24x7 call center
conducted several workshops and seminars for trial judges
and public prosecutors across the country
NASSCOM is also generating awareness among consumers on
cyber crimes through Cyber Safety Weeks. Cyber Safety
Week is an annual event in Mumbai since 2003 and was recently
conducted in Hyderabad in 2006. It will be extended to
more States in 2006-07.
Amendment to the Indian IT ACT
NASSCOM worked with the government to evolve recommendations
for amendments to further strengthen the Indian IT Act
2000. The recommendations are focused around protecting
overseas customer data and tightening the punishment for
defaulters. We understand that the amendments to the Indian
IT Act are in the final stages of approval within government
and should get tabled in the next session of the parliament.
Additionally, most Indian IT BPO companies conform to
global standards such as BS 7799 and also specific standards
depending on the country/sector they cater to. For example
in the US, Healthcare requires compliance with HIPAA,
Financial services require compliance with GLBA. |
|
|
Results
of Independent Surveys by Global Standards Bodies
The independent third party audits and surveys by reputed global
organizations also confirm India’s adherence to the global
standards in Information Security.
In March 2006, the Banking Code Standards Board, an independent
British regulatory organisation, visited eight Indian call centres.
These handle over one million inbound calls from the UK each
month together with other processing work. The review, the second
conducted, identified good standards of compliance with the
Banking Code. In particular they found that:
UK management retain strong control over the outsourced activities.
Selection and training of staff are exemplary, as are arrangements
for customer privacy and data security.
Staff are increasingly being encouraged to depart from rigid
call scripts to give a more natural customer experience.
Customer data is subject to the same level of security as in
the UK. High risk and more complex processes are subject to
higher levels of scrutiny than similar activities onshore.
The BCSB gave a green ‘traffic light’ grading to all
eight call centres visited. According to Paul Smith, Head of
Compliance Monitoring at the Banking Code Standards Board, “Recent
press has raised concern among critics of Indian banking call
centres that simply do not reflect the observations that I have
made during monitoring visits carried out on behalf of the Banking
Code Standards Board during 2005 and earlier this year”.
In addition, the Financial Services Authority (FSA) conducted
a comprehensive investigation into Offshore Operations in India
in April 2005. It found that while cost advantages were the
initial driver for offshoring, many financial services firms
now state that they will continue offshoring to India, almost
regardless of the economic environment. Firms stated that as
most of the staff are graduates the quality of work is extremely
high.
NASSCOM launched the Trusted
Sourcing initiative last year that seeks to re-in force India
as a secure and reliable technology partner. NASSCOM has also
instituted the 4E framework to establish India as a trusted
sourcing destination. This framework ensures highest standard
of information security in the outsourcing industry in India. |
|
|
