Let's Build a Responsible Cyber Society

BPO for BPOs

A Security solution for Indian BPOs

A Vision Document



The anticipated employment level of several millions in Indian BPOs by 2008 makes the industry one of the most promising economic phenomena in India. However, frequent security breaches and the associated international pressure on job losses in their respective countries hold the threat of reducing the promise into an unfulfilled dream. If this turns out to be a big bubble which bursts at some point of time between now and 2008, then we may have an economic disaster on hand with a couple of million youngsters losing their jobs. 

The BPO Industry, Nasscom and the Ministry of Communications and Information Technology (MCIT) therefore have a joint responsibility to work for an effective solution to secure the operations of the BPO industry.

 Security in BPO industry is a combination of Management of Human Resources and Techno Legal IT Security along with Solutions created, delivered and managed with the use of ICT. It is therefore a multidiscipline challenge and the three dimensions to the challenge are HR Management, Techno Legal Compliance and Technology Solutions.

 The HR Dimension:

 The HR dimensions of the BPO industry is characterized by the fact that each of the several thousand employees of a BPO represent a “Risk Point”. Unlike a “Computer” or a “Technology Device” which is a Technology Risk Point, the Human Risk Point is complicated with the fact that it is less predictable, self intelligent and prone to factors such as greed, jealousy, mischief. Managing risk in such a situation is not as easy as managing the source code bug in an operational software.

 Techno Legal Dimension: 

The techno legal dimension of the challenge refers to providing a reasonable technical cover for prevention of intrusions, prevention of loss or compromise of Information, Disaster recovery and Business Continuity. The legal compliance ensures that any breach of technical security aspect does not result in a liability to the Information Asset owner or leave sufficient remedy for him to proceed legally for recovery of damages or to cover himself with an adequate insurance facility.

 Technology Solutions

 Though human risks and legal risks are not entirely capable of being reduced to algorithms and decision rules that can be managed automatically, since the BPO environment is technical and the number of transactions handled will be huge, it is inevitable that substantial part of the problem has to be handled through technology solutions similar but not limited to the “Risk Management Solutions” that are presently being used by part of the IT industry.

 The Vision of BPO for BPOs

 Considering the enormity of the problem as well as its criticality for the survival of an industry that holds the promise of changing the future of the country, it is envisioned that there is a need for a “BPO for BPOs” dealing with Security aspects relevant to the industry.

 Some of the activities that this BPO for BPOs will manage are

 1.Maintenance of Potential Employee data which starts with the trusted archival of educational qualifications starting from X standard results to XII standard and degree level results.

2.Conducting of Background checks close to the levels suggested under BS 7858 standards.

3.Administration of the “Ethical BPO Professional Register”

4.Undertaking of the “Ethical BPO Professional Training” across the industry

5.Providing Technical Security solutions including Disaster Recovery and Business Continuity Plan solutions that are effective and economical. 

6.Providing Technical solutions for information protection including encryption, digital signatures, secured archival etc.

7. Providing IT Security compliance audits of the BS/IS type specially developed for the Indian situation.

8.Providing Techno Legal Compliance audits that address compliance of Cyber Laws as applicable to a given operator.

9. Providing implementation of Techno Legal Compliance solutions with appropriate technology solutions, training etc.

10.Providing certification of Techno Legal Compliance solutions that stand the test of Due Diligence as envisaged in Law.

11.Developing new Risk Management Solutions including strategies such as “Data Division and Re-Union” for ultimate data security.

12. Conducting HR related Risk Management programmes such as “Attitude and Behavioural Monitoring”

13.Developing education systems to train Techno Legal Compliancy Managers

14. Developing Technology Solutions in the form of Management Games that can extract the attitudinal behavioural traits of individuals and develop ego-grams that would assist a qualified HR trainer in management of human risks

15.Managing a Whistle Blower System that can generate early warning of emerging employee related frauds.

16. Managing the internal communication requirements of the industry geared towards mitigation of  relevant risks including content generation, delivery and continuing education of the employees at all levels.

17.Acting as an apex body to represent the interest of the industry both from the employer perspective and the employee perspective and to manage a harmonious relationship between the two.

18.Manage a conflict resolution mechanism including an Alternate Dispute Resolution Mechanism and an online arbitration management system to address the requirements of quick and fair resolution of employer-employee disputes.

19.Take any other steps that may be necessary for the continued growth of the BPO industry in India in coordination with Nasscom and MCIT.

 The realization of the above vision even partially makes it critical that such a BPO of BPOs has to be a collective effort of Nasscom, MCIT and major players in the BPO industry without any of them having a domineering and limiting influence on the operations.

 It may require to be structured as a commercial private sector entity with equity and management participation from different stakeholders and priced services to be delivered to the industry. 

It can however start as a private sector venture with the blessings of Nasscom and MCIT and later accept a larger role for Nasscom and MCIT through investment and managerial participation. Setting up of multiple BPOs say for each region in India is also a strategy that can be considered provided there is a coordination of activities between these entities.

 A more detailed plan of action can be developed after this proposal is brainstormed with the Industry, Nasscom and MCIT.


June 24, 2005

 Comments are welcome

For Structured Online Courses in Cyber laws, Visit Cyber Law College.com


Back To Naavi.org