We can assist companies in the BPO and IT/ITES industry in developing and implementing world-class security governance structure and risk management processes that will effectively alleviate the perceived risks of outsourcing amongst its customer base.
Paladion has the industry-specific experience, knowledge and technology skills to assist you in designing and implementing a security management system in your organization that is in conformance with the specific information risk management requirements from leading international standards and regulations such as BS 7799/ISO 27001, ITIL, COBIT and client-specific security policies and standards.
Information Security and Data Privacy concerns are paramount as organizations outsource their IT Services and business processes, especially to offshore service providers. As sensitive information such as financial, insurance, medical and personal is accessed by offshore outsourcing service providers, there is a growing concern about the manner in which it is being collected, stored and utilized. This is shaped by various security and privacy regulations such as GLBA, SOX, HIPAA, OCC Guidelines, FISMA and EU Directives to name a few.
Organizations demand a high level of information security controls from their outsourcing service providers and are incorporating stringent provisions for information security in their contractual agreements with service providers, as the consequences of an information security breach could lead to business harm and legal liability.
This is not merely a matter of competitive advantage for service providers in the BPO and IT/ITES industry. Service providers could be liable under various security, privacy, trade secret and copyright laws in case of breaches such as unauthorized disclosure of financial information, release of maliciously modified financial information, and disclosure of customer information, for example, a person's financial status, health condition or employment. These types of regulatory, legal, statutory and contractual requirements are not limited to actions by the service provider alone. The organization that has outsourced its services can be liable for information security breaches by the service provider and the organization suffers equally in case of such breaches by its own staff or by service provider personnel.