Nandkumar Saravade
Former Director Cyber Security and Compliance NASSCOM
Today, the issue of security is becoming a vital one for both customers and
outsourcing service suppliers.
Undoubtedly, the Indian IT-BPO industry has been watching this very closely,
and proactively making efforts to check and preempt possible attacks and
threats, conscious of the fact that if not properly handled, the above
highlighted issues could well derail the growth of the IT industry.
Safeguarding security therefore becomes an imperative agenda for this industry
since it serves customers across the globe, and often has access to
confidential and personal data of customers and corporates.
There have been a number of initiatives that the IT industry has come forward
to take across multiple touch points like employees, employers, law enforcement
agencies and the customers. Being the representative body for the Indian IT and
BPO industry, NASSCOM has been actively pursuing these objectives.
The Indian IT software and services industry currently generates export
revenues of $31.3 billion, and $8.2 billion from the domestic market (figures
as of July '07), with a projection to clock $60 billion from exports by 2010,
and employs 1.6 million individuals directly and over 6.4 million indirectly
(for every job created in IT-ITES, four jobs are created in rest of the
economy- NASSCOM Crisil Report 2007).
The industry is making a significant positive impact on the Indian economy and
the people of this country. The industry is expected to employ 2.3 million
employees by 2010.
Security is often said to be a three-dimensional problem: involving people,
process and technology. Employing the best practices on an assured workforce
for better security, background checks have become de rigueur for Indian IT and BPO companies, which operate
in a globally competitive environment.
With such large scale hiring, it is extremely challenging even though critical,
to track the background of each employee hired by a company. Given the growth
projections of the industry, human resource (HR) departments are under a lot of
pressure to recruit in large numbers, and sometimes these time pressures keep
them from doing due diligence before hiring.
Lack of industry ready talent (the numbers are available but the skill sets are
lacking), the intensely competitive recruitment environment, relatively high
attrition rate of the sector, although internal to the industry and possible
fudging of skill sets and salary details by potential employees are serious
issues, and given the intense pressure to recruit in large numbers, recruitment
teams are unable to sieve these 'fake' CVs and sometimes end up hiring such
candidates as well. Against this background, even though it is a remote
possibility, ignoring background checks of potential employees can unknowingly
lead to inclusion of individuals with a criminal record, or simply undesirable
elements into the industry's workforce, thereby making background checks
indispensable for this industry.
The Indian IT-BPO industry has, and will continue to raise the standards for
the safety of the employees and the clients. These issues are being taken
extremely seriously, not only by NASSCOM, but also the government, the legal authorities
and the police. In recognition of these, NASSCOM has worked closely with
industry and taken a number of pro-active steps.
Specifically to address the challenge of background checks, NASSCOM, along with
the support of the IT and BPO industry has constituted the National Skills
Registry (NSR) - a voluntary, centralized pan-India database of all employees
of the IT services and BPO companies in India.
NSR contains third party verified personal, qualification and career-related
information of IT–BPO professionals. As of September 2007, over 150, 000
employees across 43 companies are registered with NSR. With the positive
response received by the industry, the target is to take this number four times
over to touch 500,000 by April 2008. NASSCOM will also be rolling out a road
show series to generate awareness in the next six months across eight cities
beginning October 2007.
This initiative includes creating, operating and maintaining a national
database of employees working in the IT-BPO sector in
The NSR offers benefits to all stakeholders. Among other benefits, employees
will have certified resumes verified by a recognized agency, thereby offering
them a preferential status in the industry; every time an individual changes
jobs, he will not have to go through the verification process, and last but not
the least, as more and more IT professionals join the database, the industry
may decide to recruit only such candidates that have registered in the
database. For employers, it checks the menace of bloated resumes as
pre-verified facts are available for cross-checking, the risk of engaging any
employee on the basis of fake/forged documents is minimized, the benefit of a
background check done by any of the NASSCOM member companies will be available to
all other members of the industry (provided they have joined the NSR). This
will save cost and time involved in having background check done.
Some of the other security oriented initiatives by this industry to maintain
India's leadership position in the outsourcing are the Data Security Council of
India (DSCI), NASSCOM's ongoing multi-pronged Trusted Sourcing' Initiative to
strengthen the regulatory framework and further improve India's attractiveness
as an outsourcing destination - targeted at employees, organizations,
enforcement agencies and policy amendment, through a '4E Framework' -
Engagement, Education, Enactment and Enforcement, and the recently announced
Best Practices in Ethics Framework for the ITES-BPO industry under which
NASSCOM will launch an industry wide HR management guidelines for the ITeS–BPO
industry with an aim of creating a set of guidelines which will help in
attracting and retaining talent and solving the issue of attrition to a large
extent.
The Best Practices in Ethics Framework has been designed around employee
friendly policies, safety and security of employees, code of ethics in hiring
and corporate social responsibility.
With all these initiatives underway, NASSCOM and the industry are continuously
striving to ensure
(The author is an IPS officer and
former director of cyber security and compliance at NASSCOM. He is also part of the
newly formed Data Security Council of