Sunday, November 7, 2010

The Importance of Data Confidentiality & Security in Outsourcing

The Importance of Data Confidentiality & Security in Outsourcing


Consideration of data confidentiality and security is of paramount importance when embarking on an outsourcing program, particularly for regulated entities in the financial services sector. In contrast to popular belief, the responsibility to comply with privacy and data confidentiality regulations does not get passed on to an outsourcing services provider, but rather remains with the buyer of outsourcing services. Therefore, buyers of outsourcing services are well advised to closely examine the physical and information technology security, as well as data confidentiality processes of prospective outsourcing service providers.

Examining an outsourcing provider’s capabilities with respect to data confidentiality and security begins with knowing what to ask. Below, we have compiled a series of helpful questions to ask of service providers regarding how they address a potential buyer’s concern about this important matter.

Physical Security

  1. Does the processing site and data center have a secure and controlled data center environment with: Fire suppression, Emergency power supply (UPS and generator), cooling, and building security?
  2. What is the process for personnel to gain entry to processing sites and data centers?
  3. Are electronic devices admitted into processing sites and data centers (i.e. Mobile phones with cameras)?
  4. Is there a ZERO right to privacy policy in place for processing sites and data centers?
  5. Is there video surveillance?
  6. How many layer of physical authentication exist to access the processing sites and data centers?
  7. Are biometric authentication procedures used?


Information Technology, Data Security.

  1. What are the procedures to ensure that only authorized users have access to the data?
  2. Are periodic background checks performed on personnel with access to the data?
  3. Are your processes/procedures certified (i.e. ISO, COBIT)?
  4. Are your processes/procedures and controls independently audited?


Data Confidentiality.

  1. What are the measures used to secure data transfers between all related parties?
  2. Is confidential data redacted according to user access rights?
  3. Does the processing center provide for a secure Processing Environment (no means to copy/print/email data)?


Choosing an outsourcing service provider partner that understands the impacts of a data security breach and has the processes in place to prevent such a breach is an important element of outsourcing process. While the above questions are not comprehensive by any means, they are however a solid starting point that will ideally lead to more questions with the objective of obtaining sufficient information to make an informed assessment of the outsourcing service provider’s capabilities in physical and information technology security, as well as data confidentiality. Ultimately, the results of this assessment should flow through to the contractual components including, the master service agreement, statement of work and service level agreement.

In our case, and just as an example, as we are a regulated financial services entity, we understand the significance of proper data controls and physical security and avails this knowhow and infrastructure in our IT and Business Process Outsourcing business unit. With a data center in Switzerland secured by five layers of physical security and ISO certified processes, we deliver secure outsourcing solutions to clients around the globe. Furthermore, we have developed a unique solution that encodes data at the source (from client site) so that processing personnel cannot see the encoded fields during processing. After processing, the encoding process is reversed at the endpoint (on client site), thus delivering comprehensive data confidentiality during the entire processing cycle.

Each client knows the level of security its processes requires and the services providers have realized about the importance of this topic, especially when working in the financial industry sector.




For more information about our services please contact:

Posted by at

1 comment:

  1. Premier BPO, Inc.November 22, 2010 at 3:37 PM

    Spot on article! It's a huge issue and Premier BPO, Inc. adheres to the principles and suggestions set out in this article and provides outsourced BPO, KPO and call center services to fellow Fortune 500/5000 companies and other industry leaders. Just listed on the Inc. 500/5000 list, Premier can dramatically reduce your company's costs while enhancing the quality of your services. For Case Studies, informative white papers and further information definitively demonstrating how these benefits are realized with the 125+ years of experience of our leadership and operations team, please visit http://www.PremierBPO.com and/or call Reese Bagwell at 931.551.8888.

    ReplyDelete

Subscribe to: Post Comments (Atom)