Overview	A+  A-

NASSCOM’s Security Initiatives
NASSCOM has been playing a very proactive role in ensuring that the Indian Information Security environment benchmarks with the best across the globe. The association has been working closely with both the IT and ITES-BPO industries to create an Information Security culture within these segments. NASSCOM has also been interacting with the Indian Government on the issue of creating a relevant regulatory environment, that will further strengthen information security initiatives being rolled out within IT and ITES-BPO organizations. A “secure” environment—defined by strong copyright, IT and cyber laws—is an imperative for the growth and future success of the IT and ITES-BPO industries, and NASSCOM has been working with the Indian government to achieve this goal.

NASSCOM’s multi-pronged Information Security initiative
NASSCOM is looking at a range of initiatives to build a robust Information Security environment within the IT and ITES-BPO segments. These include the following:

Creating awareness: NASSCOM has been working at building awareness about the importance of Information Security practices for IT and ITES-BPO players. It has been making member companies aware of their obligations to clients in controlling and managing risk. It has also given the industry an insight on the nature of compliance and security expected by US and European customers, the legal and regulatory obligations of customers, and the benefits the IT and ITES-BPO services providers achieve when they upgrade internal security to generally accepted standards.

Setting guidelines: NASSCOM has been publishing general guidelines from time-to-time on security and risk management and advising companies on how to improve and ensure compliance with the regulations that clients want, including HIPPA, GBL, etc.

Defining standards: The software and services association is looking at how it can establish standards for various levels of security compliance. The idea is to define standards in terms of policies, processes and systems required to achieve these.

Creating special training on Information Security: One of the important areas that NASSCOM will be looking into, is the issue of education in the area of Information Security. Creating an IT risk management curriculum for IT services providers that will educate IT professionals, IT support and security staff and audit and certification personnel, will be part of the NASSCOM agenda going forward.

Introducing certifications: NASSCOM is also looking at identifying existing security and risk management certification/audit offerings that can be used or extended and at defining a compliance certification procedure and audit mechanism for the standards and guidelines that it creates.

Shared services: NASSCOM is focusing on defining a set of services that can be shared across members which could include background checks, education and employment verification, ethical hacking and intrusion testing of a member’s public Website and communications links and risk monitoring.

Updated on: 24 Jul, 2006