Indian IT firms to undergo data security audit

Thursday, 26 August 2004, 19:30 IST
NEW DELHI: With overseas clients increasingly getting edgy about data security and protection of privacy, Indian IT firms are now likely to be audited by an independent body covering all areas of operations.

The National Association of Software and Service Companies (Nasscom), India's premier IT industry umbrella group, plans to unveil a security audit with certification for all its 860 member companies soon.

"We are talking to three big audit firms for developing the framework for technical as well as operational security audit of IT companies," said Sunil Mehta, vice president of Nasscom.

"One of them will design the standard for audit. It should be finalised over the next 12 to 16 weeks," Mehta told IANS.

"Although many big IT firms follow stringent security audit on their own, the new framework that is being developed will serve as a global benchmark for the whole industry."

The official said although the audit wouldn't be mandatory, a slew of companies were expected to follow it as firms were fast realising the importance of adhering to global security standards that cover all areas of operations.

Labour unions in the US and Britain opposed to outsourcing of financial and other jobs allege that many companies in India don't have a robust information security backbone to ensure safety of financial and other data.

Companies in the US and Britain are also becoming increasingly sensitive about protection of personal data transferred to low-cost destinations like India for processing.

To address the concerns of its overseas clients, Indian IT services and outsourcing services companies are stepping up overall security measures.

"The protest against outsourcing in the West is slowly changing into a debate around security and privacy concerns. The Indian IT industry has to act in a pro-active manner to address these concerns," said Mehta.

"Most big Indian companies have robust security practices comparable to those followed by Western countries. We are now focussing our attention on small and medium enterprises," he said.

"We are also trying to educate all the enforcement agencies to highlight the importance of data security. More or less, we have the legislative framework in place to address this issue."

Spending on data security by Indian companies ranges between five and 15 percent of their total IT budget.

According to Mehta, while 16 domestic firms have already adopted BS 7799, a widely used global information security standard developed by the British Standard Institute, 30 others are in the process of implementing it.

Companies that comply with the BS 7799 standard ensure protection in the areas of usage policy, information classification policy, mobile computing policy, risk management policy and third party access policy.

India's vast pool of English-speaking workers coupled with its educational system and training programmes has helped transform the country into a global outsourcing superpower.

The rapidly growing IT industry has virtually turned India into an electronic housekeeper to the world, taking care of a host of routine activities for multinational giants.

Mehta said post 9/11 issues like security, privacy, business continuity and risk concentration had become "hot buttons" and that the Indian firms must address these issues urgently to win contracts from overseas clients.
Source: IANS