Learn how our Managed Operations model provides the perfect middle ground between outsourcing and incorporating.

talk expert
Talk to
an Expert

Explore the opportunities with us.

Contact Us

How to Keep Your Offshore Outsourcing Operations Secure

by: Sidney Liquigan

Wednesday, January 30, 2019 |

Outsourced operations are as vulnerable as local operations to data theft. Even though companies require their outsourcing partners to implement the same level of security as they have in their in-house operations, ensuring network and physical security in outsourced operations can be more challenging because they are not in your direct control. Furthermore, different countries may have different privacy legislation and protections.

There are several steps that companies can take to secure and protect their offshore outsourced operations from data breach and other security threats.

Certifications and Compliance

During the vendor selection process, thoroughly reviewing each potential outsourcing partner's credentials should be part of your checklist. Consider partnering with a BPO firm that's certified for and compliant with international standards.

BPO companies must have information security controls that are designed to comply with the following regulations and audits:

  • ISO 9001:2015 – Quality Management Standards
  • ISO 27001:2013 – Information Security Management Standards
  • General Data Protection Regulation of 2016 (EU)

Certain industries also have their own standards, including:

  • Payment Card Industry Data Security Standards
  • Health Insurance Portability and Accountability Act of 1996 (US)

In addition to compliance with the Philippine Data Protection Act of 2012, MicroSourcing also upholds the requirements of the abovementioned regulations.

End-to-End Employee Screening

To ensure that your data is safe with the outsourced team who handles them, your outsourcing partner should have the necessary screening, requirements, policies, and contracts in place.

  1. New hires should undergo background checks and submit pre-employment requirements, such as government and neighborhood council clearances.
  2. Require employment contracts to include confidentiality and intellectual property clauses. You can also require additional stipulations, such as NDAs and non-competes, as long as they are in compliance with local labor laws.
  3. Collaborate with your outsourcing partner in identifying all the possible scenarios that could be considered as breaches of confidentiality and security. Create a code of conduct that explains all these scenarios and how they will be dealt with.
  4. During the off-boarding process, exiting employees undergo clearance processes where they should return all employer and client assets. All accounts must be deleted and access must be revoked.

Physical Security

Make sure that the office floor of your outsourced operations has its own security guards and strict security protocols in addition to the office building's main security. Delivery and extraction of assets must always be tracked. You can also require your BPO partner to allocate a special work floor for your outsourced operations, where additional security measures are in place. This could include prohibiting any personal belongings (mobile devices and other electronics) from being brought into the work floor. You could also request your outsourced work floor to have its own security control, where authorized employees are required to have access cards.

Network Infrastructure and Controls

Partner with an outsourcing provider that allows you to customize your outsourced team's workstation environment and server and networking environment. To guarantee that your outsourced operations' network is secure, there are a number of procedures and controls that must be in place to deter any kind of threat that could impact and disrupt operations. To make sure that the data stays within the network or server, you could have the workstations' USB ports and optical drives disabled. Many BPO firms also prevent employees from accessing websites and apps not needed for work and prohibit unauthorized installation of computer software or program.

Implement unified threat management (UTM) devices with adjustable data and content filtering. This single system has various security features, including anti-virus, malware, or malicious files detection, web filtering, and anti-spam. In addition, desktop security and all controls must be managed by a central management server.

Your outsourced operations must be prepared for power fluctuations and failure in connectivity. Ensure a fully redundant network infrastructure with automatic fail-over. This enables faster recovery time.

Customized Data Security Measures

Outsourcing providers that operate on the traditional outsourcing model may have limited capability to customize their processes to match yours. A recommended outsourcing partner would be a company that offers the managed operations model, where the client can maintain the majority up to the full control of their outsourced operations, including network and physical security procedures.

MicroSourcing is a managed operations provider that works closely with clients to ensure a safe data flow between your in-house operations and your outsourced team in the Philippines. The managed operations model enables you to implement your own security protocols on your offshore operation. MicroSourcing is highly experienced in data security and capable of customizing each client's data security environment based on the nature of their business and the respective required regulations.

Post a Comment

Security Image:

 function captcharefresh button


Email Address: (will not be published) (required)