Indian outsourcers to set up security body

A new body will audit security procedures and penalise non-compliant firms

India’s IT trade association plans to establish a new regulatory security body to reassure customers concerned about recent security breaches.

According to the Financial Times, the independent body will receive $300,000 of initial funding, and membership fees will cover its future costs. Sunil Mehta, vice-president of the National Association of Software and Service Companies (Nasscom), said the organisation would audit members’ security procedures and monitor any breaches; and would impose penalties on non-compliant companies.

The security scheme has been set up following allegations of employee fraud in the Indian outsourcing sector last year, and of staff selling on customer data.

Sudhir Chaturvedi, head of UK sales at Indian IT services provider Infosys, welcomed the scheme. “Nasscom is to be applauded for not wishing away the issue and taking measures to improve confidence in security practices,” he argued. “I think the Indian IT industry has done really well at complying with the security needs of global customers, but this does provide an extra layer of confidence.”

Chaturvedi added that the top UK firms that Infosys works with already have thorough security measures in place, achieved through audits before they signed any outsourcing deal, and through protection built into contracts.

The launch of the new body will follow the launch of a national registry of IT staff set up by Nasscom at the start of this year. The registry - which was also designed to tackle concerns over employee fraud - offers data on individuals’ professional and educational backgrounds, so employers can verify their credentials, according to Nasscom.