Outsourcers Need Not Worry; India Is Secure

by CXOtoday Staff    Jun 10, 2004

According to a NASSCOM survey, companies have rarely faced any issues around data security, data protection or confidentiality while offshoring work to India. In fact Indian companies have robust security practices comparable to those followed by western companies. They primarily comply with BS 7799 - a global standard that covers all domains of security

As part of the recently launched Trusted Sourcing Initiative, NASSCOM- the apex body for the software services sector, had undertaken a report on the security framework to evaluate the Information Security environment (regulatory environment and security practices) in India.

The report done in conjunction with Evaluserve, benchmarks Indian IT and ITES-BPO companies with their counterparts in UK and US with regards to practices followed on data security, confidentiality and privacy laws.

Commenting on the report, Kiran Karnik, president, Nasscom, said, “The report revalidates the fact that Indian IT and ITES-BPO companies have adopted the best practices, including policies, procedures and technologies to provide adequate security to their clients. Many Indian companies have better security practices than the companies abroad. This is because Indian vendors not only follow their own best practices but also best practices shared by their clients in the west.”

Companies sign Service Level Agreements (SLA), which have very strict confidentiality and security clauses built into them at the network and data level. Such SLAs also cover all relevant laws that the companies want its offshore providers to comply with and actions that can be taken in case of breaches. Moreover, laws such as the IT Act 2000, Indian Copyright Act, Indian Penal Code Act and the Indian Contract Act, 1972 provide adequate safeguards to companies offshoring work to US and UK

Though India offers a secured environment for offshore services, however to further enhance India’s security management practices, NASSCOM recommends that companies should hire certified security professionals to take care of security issues and leverage their knowledge and expertise. Also spending on security should not be on ad hoc basis and companies need to make adequate investments for security purposes.