Data security is one of the chief concerns of American companies today. In fact, news of another major data breach is becoming more commonplace, while the tactics used in hacking are surpassing even the most stalwart systems. For companies that outsource any of their functions to a third party, this concern is one of the most important to address for a successful partnership.
Choosing an outsourcing provider is hard enough, but it can get more overwhelming when you think about all the security that should be in place with your provider. Right now you may be wondering, “And exactly, what security measures DO we need to have?” No worries. Lucky for you, we have a whole list.
After working with numerous U.S. clients, we have developed the capabilities and processes to ensure that we deliver the quality and security required by the programs we support, and we are more than happy to share. Read on for our guide to data security while outsourcing, and take the security worry off the table.
Certifications for Quality & Security
The first thing to consider in outsourcing security is which certifications your outsourcer has earned. For example, ISO 9001 and ISO 27001 are essential to establishing a security protocol and are recognized worldwide for their top security measures.
In addition, if you are using a call center, PCI compliance is also key to protecting customer data and sensitive financial information and to taking payments via phone. Without ISO and PCI, you may find yourself in a tough security debacle down the line.
Facility Security Measures:
The location of the facility itself is an important first look at how the company handles security. Although critical, this is one area where many BPO providers fail. Before you even enter it, the facility should be located in a secure area. Look for a provider that houses operations within Special Economic Zones (SEZ), which require authorization from local governments to enter, and make sure to find out which part of the city their office is located in.
Office Space Security:
Office data security begins at the entry to the production floors from the commercial space. The area should absolutely require access cards, while the employees should be using biometric fingerprinting access. This way, doors don’t open if one’s fingerprint is not recorded. In addition, highly controlled areas of the office (server rooms, etc.) with sensitive information should have a special card/biometric access for top-level management only.
It’s tried and true for a reason. Video surveillance works, as do security personnel. Your provider should have video surveillance 24/7 with security guards manning entrances round-the-clock.
On the Floor
One of the biggest fears is that an employee of a provider will somehow leak information on their own. Not good. For this reason, at Personiv, we don’t allow employees to bring their mobile phones into the production areas. They are required to deposit them in lockers. Also, all desktops used inside the office have their CD drives and USB ports disabled.
Internet access should also be restricted to only top-level management or those associates who require it. This removes the risk of personal emails and social media websites being accessed while associates are interacting with sensitive data. And don’t forget a strong firewall as well. Also, you should definitely ask your provider to use only a secure VPN connection while working with your data.
The Legal Stuff:
All employees should be bound by a Non-Disclosure Agreement that is effective even after they exit the company. As part of their onboarding, employees should undergo training regarding copyrights.
One Step Further
At Personiv, we follow all these essentials and more by also adding in a rigorous onboarding process for our team members that includes selecting employees based on the skills and experience required by the specific program; team training specific to required skills; qualifying tests; and more. To find out about our data security services, check out our solutions here.