Security Environment in India
December 2007 by Frédéric Donnette, Global Security Mag
IT has definitely raised India’s bar globally because of its unmatched value proposition in terms of skill sets and higher productivity, coupled with quality and scalability. The Information Technology sector has indeed played a significant role in transforming India’s image globally. A “secure and reliable” environment, defined by strong copyright, IT and cyber laws, is imperative for the growth and future success of the ITS/BPO industries. NASSCOM has been proactive in pushing this cause and ensuring that the Indian Information Security environment benchmarks with the best across the globe. ITS/BPO companies in India are taking as many precautions as possible to ensure that the data and personal information of their customers are protected. That means following international best practices, getting procedures audited by independent parties and making sure that these procedures are up to date and are being closely followed.
Indian companies have robust security practices comparable to those followed by western companies. Indian companies primarily comply with BS 7799 – a global standard that covers all domains of security.
Companies sign Service Level Agreements (SLAs), which have very strict confidentiality and security clauses built into them at the network and data level. Such SLAs also cover all relevant laws that the companies want their offshore providers to comply with and the actions that can be taken in case of breaches.
Spending on security ranges from 5% to 15% of the IT budget.
Laws such as the IT Act 2000, Indian Copyright Act, Indian Penal Code Act and the Indian Contract Act, 1972 provide adequate safeguards to companies offshoring work to the US and UK.
Most of the BPO companies providing services to UK clients ensure compliance with the UK Data Protection Act 1998 (DPA) through contractual agreements.
Companies dealing with US clients require compliance depending upon the industry served. For example, healthcare requires compliance with HIPAA, and financial services require compliance with GLBA. To ensure compliance with such laws, Indian vendors follow security practices as specified by clients, such as security awareness, protection of information, non-disclosure agreements, screening of employees, etc. Further, clients conduct periodic audits to ensure compliance.
Many companies in India are undergoing or have undergone a SAS 70 audit. SAS 70 assignments help service companies operating from India to implement and improve internal controls and ensure minimal disruptions to business from clients’ auditors, and they are a potent marketing tool in the face of increasing competition.
Insurance premiums paid by Indian BPO companies for insuring themselves against security breaches have been declining over the past two years, a telling indicator of the robust security practices being followed by Indian companies.