by: Sidney Liquigan
Wednesday, January 30, 2019 |
Outsourced operations are as vulnerable as local operations to data theft. Even though companies require their outsourcing partners to implement the same level of security as they have in their in-house operations, ensuring network and physical security in outsourced operations can be more challenging because they are not in your direct control. Furthermore, different countries may have different privacy legislation and protections.
There are several steps that companies can take to secure and protect their offshore outsourced operations from data breach and other security threats.
Certifications and Compliance
During the vendor selection process, thoroughly reviewing each potential outsourcing partner's credentials should be part of your checklist. Consider partnering with a BPO firm that's certified for and compliant with international standards.
BPO companies must have information security controls that are designed to comply with the following regulations and audits:
Certain industries also have their own standards, including:
In addition to compliance with the Philippine Data Protection Act of 2012, MicroSourcing also upholds the requirements of the abovementioned regulations.
End-to-End Employee Screening
To ensure that your data is safe with the outsourced team who handles them, your outsourcing partner should have the necessary screening, requirements, policies, and contracts in place.
Make sure that the office floor of your outsourced operations has its own security guards and strict security protocols in addition to the office building's main security. Delivery and extraction of assets must always be tracked. You can also require your BPO partner to allocate a special work floor for your outsourced operations, where additional security measures are in place. This could include prohibiting any personal belongings (mobile devices and other electronics) from being brought into the work floor. You could also request your outsourced work floor to have its own security control, where authorized employees are required to have access cards.
Network Infrastructure and Controls
Partner with an outsourcing provider that allows you to customize your outsourced team's workstation environment and server and networking environment. To guarantee that your outsourced operations' network is secure, there are a number of procedures and controls that must be in place to deter any kind of threat that could impact and disrupt operations. To make sure that the data stays within the network or server, you could have the workstations' USB ports and optical drives disabled. Many BPO firms also prevent employees from accessing websites and apps not needed for work and prohibit unauthorized installation of computer software or program.
Implement unified threat management (UTM) devices with adjustable data and content filtering. This single system has various security features, including anti-virus, malware, or malicious files detection, web filtering, and anti-spam. In addition, desktop security and all controls must be managed by a central management server.
Your outsourced operations must be prepared for power fluctuations and failure in connectivity. Ensure a fully redundant network infrastructure with automatic fail-over. This enables faster recovery time.
Customized Data Security Measures
Outsourcing providers that operate on the traditional outsourcing model may have limited capability to customize their processes to match yours. A recommended outsourcing partner would be a company that offers the managed operations model, where the client can maintain the majority up to the full control of their outsourced operations, including network and physical security procedures.
MicroSourcing is a managed operations provider that works closely with clients to ensure a safe data flow between your in-house operations and your outsourced team in the Philippines. The managed operations model enables you to implement your own security protocols on your offshore operation. MicroSourcing is highly experienced in data security and capable of customizing each client's data security environment based on the nature of their business and the respective required regulations.