Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Environment in India

December 2007 by Frédéric Donnette, Global Security Mag

IT definitely has raised India’s bar globally because of its unmatched value proposition - in terms of the skill sets, higher productivity coupled with quality and scalability. The Information Technology sector has indeed played a significant role in transforming India’s image globally. A “secure and reliable” environment—defined by strong copyright, IT and cyber laws—is an imperative for the growth and future success of the ITS/BPO industries. NASSCOM has been proactive in pushing this cause and ensuring that the Indian Information Security environment benchmarks with the best across the globe. ITS/BPO companies in India are taking as many precautions as possible to ensure that data and personal information of their customers is protected. That means following international best practices, getting procedures audited by independent parties and making sure that these procedures are up to date and are being closely followed.

Indian companies have robust security practices comparable to those followed by western companies. Indian companies primarily comply with BS 7799 – a global standard that covers all domains of security.

Companies sign Service Level Agreements (SLA), which have very strict confidentiality and security clauses built into them at the network and data level. Such SLAs also cover all relevant laws that the companies want its offshore providers to comply with and actions that can be taken in case of breaches

Spending on security ranges from 5% to 15% of the IT budget

Laws such as the IT Act 2000, Indian Copyright Act, Indian Penal Code Act and the Indian Contract Act, 1972 provide adequate safeguards to companies offshoring work to US and UK

Most of the BPO companies providing services to UK clients ensure compliance with UK Data Protection Act 1998 (DPA) through contractual agreements

Companies dealing with US clients require compliance depending upon the industry served. E.g. Healthcare requires compliance with HIPAA, Financial services require compliance with GLBA. To ensure compliance with such laws, Indian vendors follow security practices as specified by clients such as security awareness, protection of information, non-disclosure agreements, screening of employees, etc. Further, clients conduct periodic audits to ensure compliance

Many companies in India are undergoing/have undergone SAS 70 Audit. SAS-70 assignments helps service companies operating from India to implement and improve internal controls, ensure minimal disruptions to business from clients’ auditors, and is potent marketing tool in the face of increasing competition.

Insurance premiums paid by Indian BPO companies for insuring themselves for security breaches have been declining since the past two years-a telling indicator of the robust security practices being followed by Indian companies




See previous articles

    

See next articles