Outsourcing Times

Is it okay for your doctor to use Google search as part of his/her practice? Well, it has caused a furor in certain parts. There is an implied suggestion of incompetence over the process. But do you really think so? I mean if I don’t know how to solve a case and try to get help, it means I am competent enough to recognize when I need help. It also shows that curing a patient is uppermost on the doctor’s mind.

A recent study in Australia has actually approved of the practice in difficult cases. Using 26 difficult diagnostic cases published in the New England Journal of Medicine, doctors from Brisbane's Princess Alexandra Hospital Googled three to five symptoms from each case. And guess what? There was a significant improvement in diagnosis using the search engine! Desicritics.org reports:

The controversy seems needless considering the larger trends that have been occurring in Western Medical Practice. The two trillion dollar U.S Health industry is increasingly forcing financially overburdened Americans to seek other avenues for their health procedures. The internet has opened their eyes to the possibility of affordable health care in foreign destinations, India being a particular hot spot.

Read more: Medical Procedure Outsourcing: Truly Alternative Medicine

Outsourcing doesn’t work every time, everywhere. Recently, the New York City Department of Education virtually prohibited US companies from hiring teachers from other countries. The main reason cited was that it was not possible to undertake their background checks in foreign states. For quite some time now, a controversy had been raging about whether US companies can employ teachers in other countries to tutor American children.

Given the huge shortage of teachers in the country, it seemed like a logical next step. The companies planning distant learning had argued that since the student and teacher do not come into contact, do not talk with each other and as everything is done on computers, the background checks are unnecessary. Dnaindia.com reports:

But the officials did not agree as the rules provided that teachers must give their finger prints and social security numbers, the latter which only American educators can give. As a result, the New York authorities cancelled the $2 million a year contract of a Texas-based Indian American owned company Socratic Learning Inc, which, the Educations Department said had employed 250 teachers in India and was expected to tutor some 2,000 children.

Read more: NY dept prohibits US firms from outsourcing teaching

-- By Priya Venkatesh, Staff Writer

Are you into outsourcing? Do you outsource your work overseas? Here is an piece of interesting news for you!

A recent survey by the CSI & FBI uncovered the steep increase in the sub contraction of security functions around the globe.The survey has unveiled that the rate of outsourcing of security related projects has approximately doubled when compared to the statistical data of year 2005.

It is believed that the decrease in the number of security breaches & reduction in monetary losses due to outsourcing have accounted to the results of this survey!

Read one of my previous post on 'Driving towards a highly secure IT Network' to know the security measures taken by the IT companies across the globe!

-- By Priya Venkatesh, Staff Writer

Are you afraid of the security breaches occurring in the IT network as on date? Do you have second thoughts in outsourcing your work due to this fact? Read on to know how proactive the IT industry is in enhancing the security?

You know that the first phase of security was in the form of restricting users to confidential data. The second phase involved the design of counter attacking the viruses & Trojans after they induce damage to the network!

Moving towards the third phase of security, the IT vendors have decided on integrating security features as a part of application development across the globe.

IT big shots are trying to evolve well-defined security standards & architectures that could form the basis of security in all future business critical processes across the globe!

Read more on 'Data Security Tightened in India' in one of our previous posts to know the measures taken by India to circumvent the probelm of security in outsourcing.

All of us know that outsourcing can be a double-edged sword. For the outsourcer, it certainly helps cut costs in business processes, but there is also the lurking danger of private data going public. In an older post, we have mentioned how real this concern is among outsourcers.

This concern over data security is particularly serious in the banking sector, where the outsource vendor is literally playing with considerable personal information.

Not surprisingly, the Finance Sector Union (FSU) has inserted advertisements in newspapers all over Australia to emphasize this concern over data safety. The Union is exerting pressure on the banking institutions in Australia to refrain from sending personal information of customers to the country of a service provider. As ABC Newsonline reports:

...[The Union has] put a message out to shareholders saying that they need to send a clear message to their banks to say that nobody likes jobs going offshore, nobody likes personal data going offshore and that the banks need to change their minds.

Last month, I had written an interesting post titled "Data Security Tightened in India" that spoke about data security in India. Today, it's the turn of privacy concerns. Privacy concerns have been raised by the financial service companies while sending customer data to foreign countries.

Financial customers may not opt out of these information transfers to non-affiliated service providers if the transfer is for purpose described in section 502(e) of the Gramm-Leach-Bliley Act (GLBA). The opportunity to opt out does not apply where the information transfer is to service or process a financial product or service that the customer requested or authorized.

The GLBA does provide important protections that cover both domestic and offshore outsourcing. GLBA established affirmative and continuing obligations for financial institutions to respect customer privacy and protect customer personal information against threats to its security, confidentiality and integrity.

When we talk about IT outsourcing, we essentially talk about huge databases that are confidential and well protected by vendors. However, as I mentioned in an earlier post on this forum, security is emerging as a major concern for outsourcers. In spite of the tacit understanding between vendor and outsourcer that data is confidential, sensitive information has managed to trickle out, beating all security precautions.

The threat to security in outsourcing is a global phenomenon. It has happened in India, and it is happening elsewhere, although the implications are slightly different. Take, for instance, the high-profile outsourcing agreement between Westpac Bank and IBM GSA. Westpac is regretting the fact that it outsourced its security as part of the 10-year, $4.3 billion IT outsourcing pact.

As a result of outsourcing its security management back in 2000, Westpac was left with only one on-house person for information security at the bank. It is only in the last three years that Westpac is beginning to get a grip on the situation. However, it will take much longer for the bank to get rid of the damage to its reputation. As Westpac's chief information security officer and CIO of enterprise services David Backley says:

If cybercrime and other forms of fraud erode trust where will we go? We do not want a loss of confidence in new banking channels.

IBM, your comments, please!

Computerworld has the full story. 

Recently, I had written a post on how offshore clients were losing trust on Indian BPOs because of cases of security breach. The post was titled, “Is the Future of BPO Industry Secure in India?” Now it seems that India outsourcing industry has woken up to the gravity of the situation.

After the recent incidents of data theft at call centers, finally the Indian outsourcing industry joined forces to implement a number of security measures. The industry acknowledged that such incidents would undermine the outsourcing expansion in India. The BPO firms in India have initiated a voluntary registry for call center employees. That will help employers to perform background checks on prospective employees.

In a major development, an independent self-regulatory body under the aegis of the National Association of Software and Services Companies (NASSCOM) was created. The body will look after the problems facing by BPO industry and find solutions to resolve those.

Data security and privacy have been seen as major barriers to global trade. Outsourcing companies in India are aware of this. Hence, they are trying to improve the security in their organizations. What do you think about the security measures taken by Indian outsourcing industry? Will it help the industry to restore the faith of offshore clients?

The issue seems to be controversial, yet sensitive. Answer to this question will determine the fate of millions of youngsters in India who opt call center jobs as their career. The arrest of Nadeem Kashmiri in the HSBC call center fraud has raised a big question mark on the reliability and security of Indian BPO industry. Sadly, this is not the single incident of security breach in call centers. In the past couple of years, several cases of data fraud have been reported in call center facilities in Pune, Mumbai, Gurgaon and Bangalore.

We admit or not, such incidents are bound to affect the booming BPO industry in India. Experts believe that cases of security breach in India are minimal as compared to that abroad. However, here the question is why should not we provide hundred percent secure services to our foreign clients who heavily rely on us for the efficiency and effectiveness of their processes?

The US companies that outsource their IT security functions, has significantly contributed to the volume of off-shoring business. A survey conducted on the US companies indicated that they allocate their security functions to third party companies. The amount of work sent overseas in some cases have doubled in recent years.

It has been reported that companies with an average revenue of less than $10 million outsourced 8 percent of their security functions overseas. Last year, it was only 4 percent. Large companies have witnessed a sharp increase in outsourcing. They send 15 percent of their security functions offshore. Even though the volume of security functions sent overseas moved up, the number of US companies that use outsourcing has remained stable.

According to ZNet News -

This year, 39 percent of the companies surveyed indicated they farm out varying degrees of their security work, compared with 37 percent last year. In a preview of the survey last month, Robert Richardson, editorial director at the CSI, also noted that there was a decline in financial losses due to cyber crime in 2006 and fewer security incidents than in previous years.

In a shocking incident, the Bangalore police have arrested an employee of HSBC Data Processing Center for allegedly passing the data of the UK customers to others. As a result, the UK customers lost £233,000 pounds from their accounts. The arrest was made after HSBC Electronic Data Processing India Ltd. filed a complaint saying one of its employees Nadeem Kashmiri, accessed personal debit card information of the customers and passed them on to associates involved in the fraud. Unfortunately, this is the second major bank fraud reported by an outsourcing center in India in less than a year. The incident put the outsourcing industry in a tizzy. It might affect the future outsourcing to India. The incident already raised fears and criticism about cyber safety standards in India.

According to IT Business Net -

The HSBC incident was brought to notice by some of its customers in England who complained that money had been money transferred from their accounts between March and May without their knowledge, the Financial Express newspaper reported.

Outsourcing is viable because of costs savings. However, if this cost factor is countered by the danger of data theft in an outsourced environment, the principle of outsourcing will come to a dead end. All the negativity surrounding data security—such as hacking, data loss in transit, and illegal storage of data—can lead to both a material and ideological loss that can easily outweigh the cost savings in an outsourced deal.

But wait, there is a new instrument at hand: managed data security services. In effect, this means handing over security management to a service provider who understands the security needs of the outsourcer and takes on the burden of protecting critical data from pilferage. All this comes at a cost, and outsourcers can opt for a dedicated data security service or the more affordable shared service.

How exactly does the managed security work? Well, the first step is a security audit conducted by experts who understand security regulations and assess security threats. Only then is the service provider able to put a security network in place to counter all threats.

Needless to say, the concept of managed security appeals most to financial institutions such as banks and lending institutions, who have already taken a beating because of theft and loss of critical customer information such as credit card numbers. This image can be cleared by putting a managed security service in place. The entire concept rides on complete trust between the client and the service provider.

Click here for the full story.

The Data Protection Act (DPA) is in force in the UK for eight years now, but its provisions are not yet completely understood. Or at least, the provisions are not enforced. This is clear from a trend among senior IT decision makers to use live data to test applications.

A study conducted by Vanson Bourn reveals this unhealthy practice in the IT outsourcing industry. Nearly half of the IT decision makers are not even clear on the provisions of the act, and 44% use real data for testing purposes.

This obviously runs the risk of data dissemination to a third party. Confidentiality is of utmost importance in the data-driven IT industry, and greater care is a must for IT companies and executives. As the Vanson Bourne research indicates:

By exchanging known values, such as addresses, with other known values, customer data can be transformed so that it is unrecognisable from the original but can still be processed by the systems across the organisation, with important fields, such as postcode, left intact.

There is a common view that companies looking into managed security services need to weigh the cost saving against the risks attached with outsourcing. Many companies are seeking the help from outside experts in dealing with the risks involved in handling confidential information. Hacking incidents, money laundering and violation of company policies are the major concerns for the companies that are outsourcing their business to third party vendors. Providers of managed security services are offering to relieve the burden of protecting sensitive data. They can eliminate the pitfalls of managing and monitoring security devices and events and ensure a solution to the problems.

Obtaining security services from an outsourcer demands an understanding of these services. They include a company's security policies, technology and standards. Since sensitive and confidential data hold much importance for any company, organizations need to be cautious while entrusting their protection to third party companies. Both Security management and Security monitoring come under managed security services. Security management deals with the management and maintenance of devices such as firewalls and routers. Security monitoring involves recruitment of personnel to analyze data that flow across multiple devices in a company.

Destination India for many outsourcers has received a severe jolt with the recent incidents of theft in Gurgaon and Bangalore. Hopefully, the outsourcing boat will not be rocked too much by these controversies. However, they certainly have international ramifications with several thousands of pounds involved in the racket, and quite naturally the Interpol has received the signal to bring the miscreants to book.

In the case of the HSBC BPO in Bangalore, it is believed that there are co-fraudsters based in Britain, who are being lined up by Interpol. India Daily reports that the Karnataka Corps of Detectives alerted Interpol to the case.

India has become the hub for outsourcing industry. Most US companies outsource their customer service to call centers to India because of low labor costs and abundance of workers. However, in the recent days, security concerns have forced companies to reconsider their decision on outsourcing to India.

According to a recent survey made by Forrester Research, companies such as Bank of America, ChoicePoint, Citibank and Time Warner experienced the loss of customer information. The security concerns have raised the debate over the reliability of business process outsourcing industry. For India, it is a serious issue as the country receives huge benefits from outsourcing. Outsourcing also provides employment and career opportunities to millions of Indian youth. Hence, it is in India's interest to ensure effective data protection to woo more outsourcing companies to its soil.

More Information: Read Here

In one security breach last year, three former employees of MphasiS, a company providing outsourcing services, were arrested for stealing more than $350,000 from four customers of Citibank. The workers were accused of acquiring passwords and transferring money from customers' bank accounts into their own.

Companies that outsource their data processing functions to organizations overseas are often not too bothered with the data protection rules that need to be adhered to. To help such firms, the Information Commissioner’s Office (ICO) in the United Kingdom has published advice such as requesting and procuring clarification from both organizations that handle personal information and from the people whose interests have to be protected. The booklet makes it clear that the company that outsources the work is responsible for any misuse of secure and personal data, even though the misdemeanor occurs abroad. 

The U.S. is considering options to outsource the security procedural work involved in the inbound transfer of cargo from foreign ports. The department is concentrating on the validation process for it's outsourcing plans which will mainly amount to on-site inspections of ships and cargo but it won't be easy as it has to consider several issues when it comes to third party outsourcing. World Peace Herald reports:

The program, which would give speedier entry to U.S. ports to ships and suppliers that meet the security standards, is now in the hands of 80 Homeland Security inspectors who have to plow through more than 10,000 applicants.

The recent attack on the Indian Institute of Science in Bangalore has shifted the focus of attention regarding terrorist attacks from north India to this southern city of information technology. Analysts believe that outsourcing could be the next terror target. Evidence has been building that terrorist outfits could take advantage of the soft targets such as the outsourcing industry.

The question that is now being asked is: how well-prepared are the outsourcing centers in India to answer the terror threat? Security is being strengthened in Bangalore, and only time will tell regarding the seriousness of the threat. Time Online Edition reports:

The attack is likely to shift attention within India to the question of how well prepared the country's outsourcing centers are for terror strikes. In a press statement released immediately after the terror attack, NASSCOM, the trade body for India's technology sector, stated that the country's outsourcing companies already have many security measures in place; however, it said that the incident “highlights the need to review and upgrade these.”

To avoid compromising on vital data, the Reserve Bank of India has asked banks to systematize outsourcing to third party vendors by meeting the regulatory and supervisory requirements. Prior to entering into an outsourcing agreement, banks should ensure that they can control and monitor the outsourced business processes. The Economic Times reports:

The RBI has said that breach of security, confidentiality or non-compliance with legal and regulatory requirements by either the service provider or the outsourcing bank can lead to financial losses for a bank and systemic risks within the entire banking system. “Therefore, a bank’s board of directors and management need to provide direction and guidance to adopt sound and responsive risk management practices for effective oversight, due diligence and management of risks arising out of outsourcing,” said RBI. 

Recent experience has shown that the IT data, which is so much integrated to business processes, can be under threat from virus attacks such as Sasser, Blaster, and the more recent Zotob. Although these particular threats were tackled, they have succeeded in raising the question of adequate security for IT data. The US government has initiated steps to increase awareness of this real danger through legislation such as Sarbanes-Oxley, Basel II, and HIPAA.

Companies are constantly evolving fresh schemes to ensure security, but are conscious of the cost factor. This consideration has led companies to consider an outsourced security model. Outsourcing service providers are also dedicated to evolving security solutions. The outsourced model will not only have the advantage of a typical outsourced project (viz., saving manpower and resources), but also is aimed at delegating security to an expertise that may not be inherent in the company. Besides, the outsourcing service providers will possess the additional software required to handle security threats. Line56.com reports:

Security is more than a one-time event. Organizations must protect critical information assets, including sensitive client information, and to do so requires the active management and monitoring of IT infrastructure at all times. Failing to make security a business priority is a risk that companies can no longer afford to take.   

Every company or organization that is seeking to outsource its business processes has to weight the advantages and disadvantages of outsourcing. The advantage that is almost always cited is the cut in costs, which is often the deciding factor in encouraging outsourcing. On the other side of the picture, however, is the exposure to security risks when a business process is outsourced to a third party.

In the case of financial institutions such as banks, the security risks become accentuated because of the risk of disclosing client records and details, which can be taken advantage of by extortionists. Other high security concerns such as clients' net worth, credit rating, and default of loans are also exposed in the case of outsourcing. In the light of these risks, banks must attend to threats such as a structurally flawed framework that encourages fraud, an unmonitored environment, and the misplaced belief that bankers can build good security. Express Computer reports:

We forget that the core competence of banks is deploying money in a manner to grow it, not to safeguard it. The concept of a bank has moved a long way from steel safes to electronic banking. And yet the notions have not. Bankers still believe that they possess the competence to out-think criminals or frauds whose core competence is to break into secure systems.

Delegates at the MediaConnect Asia security Forum held in Singapore have expressed confidence that the companies in the Asia-Pacific region are now more receptive to the idea of outsourcing the management of their IT security systems. Australia, Japan, and Taiwan have already initiated the process of outsourcing IT security requirements, and it is expected that the entire region will come on par with other parts of the world in this aspect of outsourcing.

According to Andy Lee, head of the Asia-Pacific security practice at Amsterdam-based network operator ENV International NV, the most important factor for IT security outsourcing is the cost saving factor. However, this is not the only reason for IT security outsourcing. Blackenterprise.com reports:

Security demands generated by online applications such as e- commerce systems and Web services are prompting corporate users to hand off intrusion detection, firewall management and other security functions to third-party vendors, the speakers said.

Outsourcing of security services is now extending beyond the mainland U.S military bases. New contracts are being finalized with security service providers to extend their vigil to the bases in Hawaii and Guam. USProtect, which is based in Silver Spring, Md. is currently under contract to provide services at the Elmendorf and Eielson Air Force bases in Alaska. However, the security contract only extends to entry-control point, and no other security detail is provided as part of the agreed duties.

The Andersen Air Force Base at Guam, which has not seen civilian security management since 1974, is also considering an agreement to outsource part of its security requirement. Lt. Col. Randee Preston, Force Protection Commodity Council deputy director at Lackland Air Force Base, Texas, said that the consideration for outsourcing part of the security requirements applies only to the Air Force bases stretched for personnel. Stars and Stripes reports:

Naval Base Guam also is studying a proposal to contract a portion of its security force to civilian personnel, according to base spokeswoman Lt. Arwen Chisolm. “We do not know exactly when or how many billets will be involved,” she said. Currently, all force-protection duties, including physical security and law enforcement, are performed by members of the Naval Security Force Detachment, Guam, which Chisolm said is comprised of just active-duty military and civil service personnel.

Read More: Trend toward outsourcing security extends to Hawaii, Guam

Outsourcing is certainly encouraged by the prime concern of cutting costs. However, the question that is being raised is whether cutting costs is more important than quality service. Recent examples in the US have shown that some outsourced business processes have been guided by the objective of cutting costs, sacrificing on quality. This has also raised security hazards. Washingtonpost.com reports that the JetBlue airliner has outsourced its maintenance contract regarding inspection of damage or for being assembled to work places in either Canada or El Salvador. This step has reduced costs as a mechanic in El Salvador is paid much less than his counterpart in the US, but has raised concerns regarding safety.

A study shows that nearly 50 percent of US air carriers have outsourced their long-term maintenance contracts. Thus, the capitalism of the 21st century has introduced avoidable risk factors. Washingtonpost.com reports:

…the point of this story isn't that JetBlue's decisions are in any way exceptional. To the contrary, by going abroad for work that would previously have been performed at home (and except for maintenance, JetBlue doesn't fly outside the United States), and by prioritizing costs over more closely inspected maintenance, the airline is an exemplar of 21st-century capitalism.

Read More: Outsourcing Our Safety

A critical area of consideration for any organization looking for an outsourcing partner is the level of security that the partner can provide for its data. This consideration should not be lost sight of in the search for the service level and cost effectiveness of the venture. It is important to clearly define the security objectives in the agreement, and provide for enforcement of provisions for any breach of security.

Blackenterprise.com provides a list of such risk areas, which includes leakage of a company's critical information, revelation of customer and employee information, violation of patents and exclusive technical know-how, moving IT hardware and software to a new and insecure location, and no provision for control over the staffing by the vendor. These risks need to be addressed in agreements between the company and the service provider, so that there is no room for ambiguity regarding security responsibilities. Blackenterprise.com reports:

The outsourcing contract becomes critically important for outlining security responsibilities and penalties for breaches. To properly address security in a contract, a review team should analyze each business process that will be affected by the proposed outsourcing. This review should consider the various risks that could affect each business process, and provide a channel to raise issues to the senior decision-makers.

Read More: Reviewing the Security Aspect of Outsourcing

An article published on September 9 by CyberMedia News on CIOL.com quotes panelists at the CIO Summit organized by Dataquest magazine in Bangalore (India) to conclude that IT security management is best managed in-house, and not outsourced to a third party. The Summit was on "Managing IT for the enterprise", and participants included senior executives from leading IT companies such as Transworks, Portwise, Iwire Networks, Indian Telephone Industries, MphasiS, and Hutch.

Most of the participants expressed the opinion that the aspect of security is always under scrutiny by customers, and this makes it imperative to have an in-house security management in place. The CIOs at the summit also felt that the industry should not view IT security as an integrated system; a better alternative is a multi-vendor scenario, which would make the security system stronger and less prone to attack. CIOL.com reports:

While outsourcing of IT infrastructure management has gained acceptance in India, the same cannot be said on the trend of enterprises letting a third party service provider manage IT security.

Read More: CIOs against outsourcing security management

In recent months there has been a flurry of reports questioning the security of information sent to Indian outsourcing firms.  With recent incidents in which thousands of individuals personal information was compromised, the western public has become wary if not outright against further outsourcing expansion.  That said, there has been no noticable slowdown in work for Indian BPO firms.  Indian analysts and industry representatives argue that the skills of their population and cost advantage far outweigh the security questions for almost all outsourcing companies.  They also argue that despite the high publicity of the incidents in which security was breached, these are merely isolated incidents.  These industry leaders obviously have had much success in convincing western countries of this as they have not hesitated to continue outsourcing.  In addition to this, Indian industry leaders and public officials have been very forthcoming with the need to fix this security problem.  Newindpress.com Reports:

"If the Indian industry is not shown to be addressing such occurrences on a war footing the battle will become increasingly one-sided," said Raghu Raman, CEO of Mahindra Special Services Group. 

"I don't think the quantum of outsourcing will reduce drastically but our ability to climb up the value chain will be severely deterred," he added.

Read More: Business as usual for BPO firms despite frauds scare

A widely touted undercover investigation by the British newspaper the Sun found supposedly secure personal information readily available in Indian call centers for a price of $5 per grouping of information.  This has caused a great deal of commotion in the British government where a transfer of British genealogical data to India was about to take place.  British MP’s have argued for a halt to the transfer while the British government investigates the security of data in Indian call centers.  Currently the plan however is to continue ahead with the transfer despite the MPs’ protests.  British officials worry however, that if the Sun was able to attain access to 1,000 files with a promise of delivery of 250,000 more files a month it will be a relatively simple matter for any criminal to attain such files.  Webindia 123.com Reports:

"Not only is this highly irregular, it is also outrageous that a government will so readily dismiss concerns of parliament in handing over the records of 250 million people to a third party halfway across the globe, he said.

Read More: 'Scam-tainted' Indian outsourcing under fire in Britain:-

In recent months there have been a slew of reports indicating that while the outsourcing phenomenon has yielded huge cost savings for companies, many were not careful enough in securing the sensitive information they transmitted.  A recent investigation by British newspaper The Sun revealed the ease and cheapness with which sensitive information can be attained.  An investigator working for the paper was able to secure private information including bank accounts, passport numbers, mobile numbers and even medical records for 1,000 individuals for only 3 pounds or 5 dollars US.  Despite the shock sounded by many regulators of the bank, the security breach should come as no surprise to those close to the industry.  In fact, it is quite possibly the largest threat facing global outsourcing today. ComputerWeekly.com Reports:

Donal Casey, a consultant at Diagonal Security, a division of IT services group Morse, said, "It's shocking to see that one individuals could get their hands on such complete, confidential information.

Read More: Banks urged to check up on offshore security

In the first indications of particulars following the Indian Central Bank's announcement that it will implement reforms to minimize security risks for western banks engaged in outsourcing, the Central Bank has announced the creation of a centralized outsourcing database.  The database will compile information on employees working within the various arms of India's massive outsourcing industry.  The development will allow companies to research the particular individuals they are hiring as well as serve as a potential blacklist for those who have previously engaged in illegal activity.  Post-Gazette.com Reports:

"We will soon evolve a framework to enable companies to hire third parties and do background checks on potential employees," said Kiran Karnik, president of National Association of Software and Services Companies, at a seminar on outsourcing in the technology hub of Bangalore.

Read More: India to profile outsourcing workers to precent crime

In what may prove to be the initial step in a major overhauling of Indian privacy and security measures, the Indian Central Bank is putting into place a number of rules and regulations designed to minimize the risk faced by western banks engaged in outsourcing with India.  After the fraud committed by a small group of call centre ex-employeed, western banks and their customers were particularly concerned about security breaches on their holdings and private information.  While the extent of the reforms is not yet known, the fact that initial steps have been taken by the central bank indicates not only the vital importance of outsourcing to the Indian economy, but additionally the growing power of western corporations to influence Indian law.  Certainly the implications of this single event will be focused on India itself, but it may also point to steps must be undertaken by other outsourcing nations so as to remain competitive with India.  The Economic Times Reports:

The RBI will come out with new guidelines on outsourcing to improve the regulatory supervision and risk management of outsourcing, RBI deputy governor KJ Udeshi said on Tuesday.  These will cover aspects related to operational and prudential risks arising out of outsourcing of banking activities by banks. 

Read More: RBI plans norms to curb banks' outsourcing risks

The Capability Maturity Model (CMM) was concieved by the Software Engineering Institute at Carnegie Mellon University to standardize assessments of outsourcing contractors.  The certification is filling an increasingly necessary gap in outsourcing because it assures western companies of some level of quality in outsourcing work without the cost of having to investigate the company individually.  While even the CMM program managers concede that the program is far from perfect and that there exists ample opportunity for abuse, it does provide a minimal base for assessing the quality of work by an outsourcing company.  Furthermore, it has spawned a myriad of other companies, who are then certified by CMM, who rank certified companies. Post-Gazette.com Reports:

In 2002, only 18 Chinese companies were CMM-certified, compared with 153 Indian ones, according to the Software Engineering Institute. Now that number has climbed to 243, compared with the 387 Indian companies that are accredited.

Read More: Quality lures software outsourcing

A recent panel composed of security heads from a number of large organizations at the Jericho Forum presented the argument that current IT security does not adequately protect companies with regard to outsourced services.  As companies move larger chunks of their operations over the internet rather than private networks, their exposure to security breaches increases significantly.  The approach proposed by the Jericho Forum would be to "deperimeterize" IT security, allowing companies to safely open their networks to outsourcing suppliers while maintaining data security. Computer Weekly Reports:

The approach relies on data encryption, fine-level access control to secure individual items of data, rather than a whole document, and digital rights management to control how access rights to a document change over time.

Read More: Outsourcing demands more open approach to security, says Jericho

Last week, The Outsourcing Times reported on a major looting of US Citibank customers undertaken by employees of an Indian outsourcing firm.  The move caused the expected response by those with protectionist tendancies, that the robbery signaled deep uncontrollable security concerns associated with information outsourcing.  This week, pro-outsourcers are presenting the case that the move was little more than a single isolated incident and that it does not undermine the larger trend towards information outsourcing.  Leading the charge is Gartner who late last week released a statment indicating that the event will not play a major role in deterring information outsourcing. While Gartner is probably right, and this one relatively small robbery will not likely affect the broader information outsourcing industry, it fails to address some of the very real concerns that the anti-outsourcers raise.  An honest and thorough investigation into the event and the security failures which allowed it, should conducted, to ensure a successful industry for the future.  Silicon.com Reports:

"We do not believe that this highly publicised incident will seriously damage the Indian business process outsourcing (BPO) industry. Frauds of this type can happen anywhere, and are just as likely to occur in an insourced or captive centre."

Read More: Call centre theft won't hurt Indian outsourcing

With a huge backlog of cases and a budget too small to expand its workforce, the IRS is set to begin outsourcing its more simple debt collection cases to outside firms.  While a number of governmental agencies, such as libraries, have already begun the practice, the move by the IRS has only been recently approved through the American Jobs Creation Act of 2004.  Current estimates of unpaid tax payments hover around $270 billion.  The move is not without critics, however, who argue that with private collectors standing to reap up to 25 percent of revenues, harrassment is inevitable.  Similarly, there are those who worry about privacy and security issues associated with transferring sensitive financial materials to third-party contractors.  FoxNews.com Reports:

"The use of these collection agencies will allow the IRS to focus its resources on more complex cases and will allow the IRS to handle more cases at an earlier stage before they become harder to collect," said IRS spokeswoman Nancy Mathis.

Read More: IRS 'Outsourcing' Debt Collections

The outsourcing of aviation maintenance work and staff is a growing trend whose success in keeping down costs has caused almost every major airline to initiate the practice.  Despite some initial safety concerns, there has been little reason to question the validity of the move thus far.  A recent arrest of more than two dozen alleged illegal aliens who were servicing airlines through an outsourcing firm, however, may change all that.  While it appears that the quality of the work done by these individuals was satisfactory, the mere fact that there are individuals who are not who they say they are having control over commercial aircraft frightens many.  The event may force many major carriers to cut back on some outsourced work to address safety and PR concerns.  This could potentially lead to higher costs as more work must be done in-house. USATODAY.com Reports:

Ted Ludwig, a local president with the Aircraft Mechanics Fraternal Association, says contract mechanics are not required to have the same 10-year FBI background checks required of airline employees. And he says the FAA has not kept up with the trend toward outsourcing.

Read More: Bust of illegal alients maintaining jets raises safety concerns

Following a number of high profile security breaches amongst outsourcing firms, the need for increased security is apparent.  A number of IT executives from several major banks are warning, however, that increased security measures mean increasing regulations and costs.  These costs are forcing many western firms to deal only with the largest of outsourcing firms, those able to pay for the security increases.  This means that many smaller firms may suffer.  Computerworld Reports:

"My biggest concern right now is that it's almost impossible for us to do business with small companies, especially small innovative companies that aren't well financed," said Patrick Ruckh, chief technology officer at First Horizon Bank in Memphis.

Read More: Feds Force Tighter Oversight of Outsourcers

With technological savvy, access to sensitive materials, and no background checks, it was only a matter of time before a major security breach by Indian offshore employees caused western companies to rethink outsourcing.  Following the recent arrest in India of three former Mphasis BFL Group employees who are accused of defrauding Citibank account holders of over $300,000, firms considering offshoring are doing just that. The future success of outsourcing will be determined by how quickly and sufficiently outsourcing firms respond to concerns about their ability to secure sensitive materials. Computerworld Reports:

The National Association of Software and Service Companies in Delhi expects to launch a pilot program of an employee registry within two months. 

As envisioned, the program would allow tech workers, either those with jobs looking for new ones or people trying to get one, to voluntarily register in the database, said NASSCOM Vice President Sunil Mehta.

Read More: India outsourcing firms eye employee screening

The protection of sensitive data and general company security is preventing many financial-services firms from shifting customer data and other sensitive information offshore.  A rather simple innovation by Northwestern Mutual, however, may be changing this.  About six months ago, the company moved files containing sensitive customer data to offshore terminals that limit users' ability to alter, record, or print the data.  While certainly there exists some lingering security concerns, the move has limited the potential for large-scale security breaches, and thus has allowed the firm to shift more work offshore.  As expected, the move has reaped significant financial benefits for the company.  InformationWeek Reports:

Northwestern Mutual executives came up with the plan after deciding they weren't getting the most out of their offshore contractors, Piehler said.  The company previously sent to India only the IT applications that didn't involve customer data.  "But that limits what you can do offshore," she said. 

Northewestern Mutual's safeguards are more than adequate to protect customer data, Piehler said. 

Read More: The Hard Road to Outsourcing

Facing a slew of criticisms following an overlooked fingerprint that sent a wrongfully accused man to prison for six years, the Boston Police Department decided to shut down its less than stellar fingerprint analysis unit and outsource the work.  A Mississippi firm, to whom the work has been outsourced, has already found 109 fingerprints missed earlier by Boston detectives.  Outsourcing the work, despite still being expensive, has cut some costs for the department and help limit some of the police unit's liability.  Boston Herald.com Reports:

Capt. Detective Thomas Dowd, who commands the Boston Police Forensic Technology Division, said the Ron Smith scientists are able to process prints from multiple cases, while cops assigned to the unit would ordinarily focus on one case at a time.

Read More: Fingerprint gaffe spurs costly outsourcing

Following the trend set by western call centers, recently the Phone Sex industry has begun to shift some of its phone services to centers in Bagalore and Mumbai.  The practice, illegal in India and quasi-legal in western countries, is pushing the limits of regulators in India. India Daily Reports:

The practice is totally illegal in India while somewhat legal in Western countries. The business is brisk and revenue flow is very heavy. The Indian operators running these call centers normally have a legitimate normal call center in the front and then phone sex center in the back end.

Read More: Outsourcing phone sex from call centers in India!

The E-Commerce Times has a posted a decent primer on signing an outsourcing contract and then making sure your confidential data will be protected. Certainly this is not an easy task.

At Indian call centers and IT outsourcing firms, there is a tendency to make everything classified, which makes it very difficult to implement confidentially protections where they are genuinely needed. Confidentiality procedures need to be well thought out and then implemented as planned.

Read the article: Outsourcing Contracts: Protecting Project Information

While outsourcing IT to India or China may prove to dramatically cut costs, the same deal may also jeoparadize security, according to experts at the Gartner IT Security Summit.

From Computerworld:

"India is seen as an answer when outsourcing applications but is actually a problem in the security space," said Gartner India research vice president Partha Iyengar while moderating a panel on offshoring security.

At issue is not so much the security that outsourcing service providers use to protect companies' systems -- such as firewalls and data backup -- as it is the cultural differences, Iyengar said. For instance, standards of privacy are often looser in India because it's a close-knit society where, say, reading someone else's e-mail wouldn't be considered much of an intrusion, Iyengar said.

Read more: When outsourcing, don't forget security, experts say

InternetNews.com reports on something we've been talking about for quite a while-outsourcing's place in corporate security.

As network attacks become more frequent and complex, large corporations and government agencies are turning to outside contractors for security.

If the trend holds, enterprises will outsource 90 percent of security operations by 2010, driving the market for managed security services to $3.7 billion, according to a new study from the Yankee Group.

...Increased threats from viruses and hackers have forced companies to bring security from the network perimeter to links between network components, hosts and servers, and databases and end-user databases, Yankee analysts Matthew Kovar wrote in the report.

As risk management and security take a more central role in IT management, effective BPO initiatives must be considered in terms of risk as well as cost. The Economic Times reports:

The 70-strong Hill & Associates, a leading independent enterprise security and risk management consultancy firm, said in their study that business environments are changing around the world and India is also imbibing a lot from this.

Bangalore, Hyderabad and Mumbai are particularly mentioned in the study as low risk locations. The growing interdependencies and connectivity means that the BPO sector is prone to vulnerabilities that may impact operations, reputations and bottom-line of a company on a global scale. And most of the time the security concerns arises due to the infrastructural deficiencies of the BPO units.

"In a survey, we found that India is definitely not a high risk environment. Also, we found that Bangalore, Mumbai and Hyderabad have emerged as key no-risk locations," said Ashish Sonal, country manager, Hill and Associates (India) Pvt Ltd.

The Motley Fool actually conveys the political and economic risks of outsourcing pretty well. You must take the good with the bad.

If countries that provide outsourcing services, such as India, the Philippines, and Malaysia, suffer major political unrest, business activities could be affected. And if American companies send technical and customer information for processing overseas, they could be handing it over to would-be competitors or troublemakers in other nations. Finally, if it reaches the point where certain jobs, such as important technology-related ones, are mainly done abroad, then U.S. workers will lose that expertise, which is critical for job advancement, competitiveness, and innovation.

SmartPros reports on how accounting practices and audits are affected by offshore outsourcing.

"...the management and auditor of the public company issuer are expected to evaluate the activities of the outsourcing supplier in determining the nature, timing, and extent of evidence required to support its opinion on internal control.

"An outsourcing supplier might do several things to assist the public company auditor, e.g., engage its own auditor to review and report on the systems it uses to process the company's transactions or engage an auditor to test the effectiveness of the controls applied to the company's transaction to enable the auditor to evaluate controls of the supplier. Buyers should anticipate that these volitional safeguards may become regularly negotiated terms of an outsourcing agreement."

InfoWorld describes an offshore outsourcing nightmare.

"In a story that ran last Sunday in the San Francisco Chronicle, business columnist David Lazarus revisited and updated the October 2003 incident, when a Pakistani transcriptionist threatened to release UCSF doctors’ recordings and transcriptions of patient records onto the Internet if she wasn’t paid by the transcription contractor that hired her. As it turned out, that contractor was actually a subcontractor of the hospital’s transcription service partner.

"What rarely gets discussed is that the laws regarding protection of intellectual property, personal information, or financial information are certainly different in other countries."

Scary!