India to tighten offshoring data security

In the wake of data thefts, initiative will set and enforce standards among providers of outsourced services.

2 min read
India is creating a regulatory body to improve the level of security in companies providing offshore IT services and business process outsourcing.

The initiative has been spearheaded by the National Association of Software and Service Companies, or Nasscom, to assuage fears about Indian data security in the wake of incidents of call center data theft. The technology trade association also aims to promote the region as the safest place for IT and BPO amid rising competition from other offshoring locations.

"The key objective of creating the SRO (self-regulatory organization) is to raise the floor in security and safety standards in Indian outsourcing across the IT industry," Sunil Mehta, a vice president of Nasscom, told Silicon.com.

He said data security and privacy concerns have been identified as "the largest barriers to free trade."

The body will set standards for privacy and security, and monitor its members to ensure that they adhere to them. If it discovers breaches, it will consider a "range of punishments" that could include expelling members or involving law enforcement, Mehta said.

Training will also be offered to companies that need support in order to be compliant with the security standards.

Nasscom has been working on the initiative for more than a year and has invested $300,000 to launch it. The search is now under way for a CEO, which it hopes to find within six months. Once a chief executive is hired, the body will become entirely separate from Nasscom and will be funded by membership fees.

The body will be run by the CEO and a board of members from across the industry. It will be open to international companies as well as homegrown ones. Mehta expects that many of Nasscom's 1,050 members will want to join, and he said membership could provide a competitive advantage in winning offshoring business.

This is just one of Nasscom's recent efforts to improve data security and privacy in India. It has been instrumental in improving legislation and providing training for Indian police officers in cybercrime-fighting tactics.

Earlier this year, it launched the National Skills Registry to provide accountability for IT employees. Nasscom said the registry now includes 70 percent of the Indian IT work force.

Sylvia Carr of Silicon.com reported from London.