CyLawCom Certification Programme




Cyber Law College has been a pioneer in the field of Cyber Law Education in the country. In its continued bid to improve Cyber Law Compliance in the Indian IT user segment, it is introducing a first-in-the-world concept of "CyLawCom Certification".

"CyLawCom" certification programme is meant for organizations using IT in their business process. It aims at establishing a practical and measurable standard for Cyber Law Compliance in the business process of the organization.

The need for "CyLawCom" certification is felt since the existing standards of quality drive in business processes, namely CMM and Six Sigma, do not cover all aspects of Cyber Law Compliance before certifying an organization under their respective norms.

Both CMM and Six Sigma principles are perhaps broad enough to include Cyber Law Compliance as one of the parameters of measurement but practically cannot immediately use Cyber Law Compliance as an essential criterion for certification. If all the "Cyber Law Non Compliance" is factored into the current CMM and Six Sigma Certifications, it is likely that all current certifications could be drastically overturned.

It is therefore necessary that "CyLawCom" is introduced as a complementary certification so that existing certifications are not disturbed.

In order to highlight this problem, let us take a few examples.

Example 1:

ABC is a software development company certified by CMM. It develops software for Hospitals for use in Singapore. The system includes electronic generation of prescriptions by a doctor who logs into the system using a password and login ID.

In a country like India where electronic documents can be authenticated only through Digital Signatures, there would be a serious ethical question raised. This process would technically be equivalent to issuing a prescription without a legally valid signature. It means that the doctor cannot be held legally accountable for the prescription.

Quality Standard norms should debate if this factor should be considered as a lacuna in the development process and all such prescriptions are to be treated as "defects" generated by the system.

If so, the question arises whether this non-compliance with Cyber Laws in India should be a factor which should downgrade the CMM or Six Sigma rating of the Company to which it is otherwise entitled.

Example 2:

XYZ develops a Banking software which amongst other features includes a feature by which automatic alerts are generated with some transaction particulars and mailed to the controlling office of the Bank.

The software is used in an EU country and the alerts flow into a foreign country not adopting the EU privacy norms.

The software does not use any specific "Acceptance" from the client for such transfer of private data out of the EU domain.

A question arises whether this should be treated as a "Defect" in the Six Sigma process since every such incident creates a potential liability for the user of the software and is caused by the feature in the software. 

If the development process had been able to recognize such possibilities, then appropriate action to check for them, and a suitable clause in the Customer agreement authorizing the transfer, could have been generated at the development and testing stage itself.

CMM should perhaps have factored such facts into its certification process.

Thus it is seen that CMM and Six Sigma processes at present are under tremendous strain to recognize the impact of the dynamic set of laws that affect the clients using software. In most countries, software is considered as an "Agent" of the user and hence the principal is accountable for all illegal activities of the software even if they arise out of ignorance.

It is the responsibility of quality controllers to guide the industry and help them maintain their desired standards.

"CyLawCom" is an attempt to provide such guidance through a Certification programme built around creating an awareness of the need for Cyber Law Compliance and putting the necessary system in place for automatic application of Cyber Law Compliance to Business Processes.

"CyLawCom" is meant to be complementary to CMM and Six Sigma since both these programmes are not in conflict with "CyLawCom" and are in principle.

The recommended process of "CyLawCom" certification by Cyber Law College would be elaborated in a subsequent note.

Continuation Article

Naavi

January 20, 2003

(Comments are Welcome)