The anticipated employment level of several millions in Indian BPOs by 2008
makes the industry one of the most promising economic phenomena in India.
However, frequent security breaches and the associated international pressure
on job losses in their respective countries hold the threat of reducing the
promise into an unfulfilled dream. If this turns out to be a big bubble which
bursts at some point of time between now and 2008, then we may have an
economic disaster on hand with a couple of million youngsters losing their
The BPO Industry, Nasscom and the Ministry of Communications and Information
Technology (MCIT) therefore have a joint responsibility to work for an
effective solution to secure the operations of the BPO industry.
Security in BPO industry is a combination of Management of Human Resources
and Techno Legal IT Security along with Solutions created, delivered and
managed with the use of ICT. It is therefore a multidiscipline challenge and
the three dimensions to the challenge are HR Management, Techno Legal
Compliance and Technology Solutions.
The HR dimensions of the BPO industry is characterized by the fact
that each of the several thousand employees of a BPO represent a “Risk Point”.
Unlike a “Computer” or a “Technology Device” which is a Technology Risk Point,
the Human Risk Point is complicated with the fact that it is less predictable,
self intelligent and prone to factors such as greed, jealousy, mischief.
Managing risk in such a situation is not as easy as managing the source code
bug in an operational software.
The techno legal dimension of the challenge refers to providing a reasonable
technical cover for prevention of intrusions, prevention of loss or compromise
of Information, Disaster recovery and Business Continuity. The legal
compliance ensures that any breach of technical security aspect does not
result in a liability to the Information Asset owner or leave sufficient
remedy for him to proceed legally for recovery of damages or to cover himself
with an adequate insurance facility.
Though human risks and legal risks are not entirely capable of being
reduced to algorithms and decision rules that can be managed automatically,
since the BPO environment is technical and the number of transactions handled
will be huge, it is inevitable that substantial part of the problem has to be
handled through technology solutions similar but not limited to the “Risk
Management Solutions” that are presently being used by part of the IT
Vision of BPO for BPOs
Considering the enormity of the problem as well as its criticality for
the survival of an industry that holds the promise of changing the future of
the country, it is envisioned that there is a need for a “BPO for BPOs”
dealing with Security aspects relevant to the industry.
Some of the activities that this BPO for BPOs will manage are
1.Maintenance of Potential Employee data which
starts with the trusted archival of educational qualifications starting from
X standard results to XII standard and degree level results.
2.Conducting of Background checks close to the
levels suggested under BS 7858 standards.
3.Administration of the “Ethical BPO
4.Undertaking of the “Ethical BPO Professional
Training” across the industry
5.Providing Technical Security solutions
including Disaster Recovery and Business Continuity Plan solutions that are
effective and economical.
6.Providing Technical solutions for information
protection including encryption, digital signatures, secured archival etc.
Providing IT Security compliance audits
of the BS/IS type specially developed for the Indian situation.
8.Providing Techno Legal Compliance audits that
address compliance of Cyber Laws as applicable to a given operator.
9. Providing implementation of Techno
Legal Compliance solutions with appropriate technology solutions, training
10.Providing certification of Techno Legal
Compliance solutions that stand the test of Due Diligence as envisaged in
11.Developing new Risk Management Solutions
including strategies such as “Data Division and Re-Union” for ultimate data
12. Conducting HR related Risk
Management programmes such as “Attitude and Behavioural Monitoring”
13.Developing education systems to train Techno
Legal Compliancy Managers
14. Developing Technology Solutions in the form
of Management Games that can extract the attitudinal behavioural traits of
individuals and develop ego-grams that would assist a qualified HR trainer
in management of human risks
15.Managing a Whistle Blower System that can
generate early warning of emerging employee related frauds.
16. Managing the internal communication
requirements of the industry geared towards mitigation of relevant risks
including content generation, delivery and continuing education of the
employees at all levels.
17.Acting as an apex body to represent the
interest of the industry both from the employer perspective and the employee
perspective and to manage a harmonious relationship between the two.
18.Manage a conflict resolution mechanism
including an Alternate Dispute Resolution Mechanism and an online
arbitration management system to address the requirements of quick and fair
resolution of employer-employee disputes.
19.Take any other steps that may be necessary
for the continued growth of the BPO industry in India in coordination with
Nasscom and MCIT.
The realization of the above vision even partially makes it critical that
such a BPO of BPOs has to be a collective effort of Nasscom, MCIT and major
players in the BPO industry without any of them having a domineering and
limiting influence on the operations.
It may require to be structured as a commercial private sector entity with
equity and management participation from different stakeholders and priced
services to be delivered to the industry.
It can however start as a private sector venture with the blessings of Nasscom
and MCIT and later accept a larger role for Nasscom and MCIT through
investment and managerial participation. Setting up of multiple BPOs say for
each region in India is also a strategy that can be considered provided there
is a coordination of activities between these entities.
A more detailed plan of action can be developed after this proposal is
brainstormed with the Industry, Nasscom and MCIT.
June 24, 2005