Nandkumar Saravade
Former Director Cyber Security and Compliance NASSCOM

BANGALORE, INDIA: One of the key issues to emerge in a globalized world, especially for the Information Technology (IT) industry, is that of security. Ranging across diverse and disparate elements like physical security, to the relatively new concepts of data security, cyber security, governance, business continuity, logical security, safeguarding IP and software change management, this dynamic space is continuously evolving, both from the industry's point of view as well as the side of the attackers, malicious hackers and cyber criminals.

Today, the issue of security is becoming a vital one for both customers and outsourcing service suppliers.

Undoubtedly, the Indian IT-BPO industry has been watching this very closely, and proactively making efforts to check and preempt possible attacks and threats, conscious of the fact that if not properly handled, the above highlighted issues could well derail the growth of the IT industry. Safeguarding security therefore becomes an imperative agenda for this industry since it serves customers across the globe, and often has access to confidential and personal data of customers and corporates.

There have been a number of initiatives that the IT industry has come forward to take across multiple touch points like employees, employers, law enforcement agencies and the customers. Being the representative body for the Indian IT and BPO industry, NASSCOM has been actively pursuing these objectives.

The Indian IT software and services industry currently generates export revenues of $31.3 billion, and $8.2 billion from the domestic market (figures as of July '07), with a projection to clock $60 billion from exports by 2010, and employs 1.6 million individuals directly and over 6.4 million indirectly (for every job created in IT-ITES, four jobs are created in rest of the economy- NASSCOM Crisil Report 2007).

The industry is making a significant positive impact on the Indian economy and the people of this country. The industry is expected to employ 2.3 million employees by 2010.

Security is often said to be a three-dimensional problem: involving people, process and technology. Employing the best practices on an assured workforce for better security, background checks have become de rigueur for Indian IT and BPO companies, which operate in a globally competitive environment.

With such large scale hiring, it is extremely challenging even though critical, to track the background of each employee hired by a company. Given the growth projections of the industry, human resource (HR) departments are under a lot of pressure to recruit in large numbers, and sometimes these time pressures keep them from doing due diligence before hiring.

Lack of industry ready talent (the numbers are available but the skill sets are lacking), the intensely competitive recruitment environment, relatively high attrition rate of the sector, although internal to the industry and possible fudging of skill sets and salary details by potential employees are serious issues, and given the intense pressure to recruit in large numbers, recruitment teams are unable to sieve these 'fake' CVs and sometimes end up hiring such candidates as well. Against this background, even though it is a remote possibility, ignoring background checks of potential employees can unknowingly lead to inclusion of individuals with a criminal record, or simply undesirable elements into the industry's workforce, thereby making background checks indispensable for this industry.

The Indian IT-BPO industry has, and will continue to raise the standards for the safety of the employees and the clients. These issues are being taken extremely seriously, not only by NASSCOM, but also the government, the legal authorities and the police. In recognition of these, NASSCOM has worked closely with industry and taken a number of pro-active steps.

Specifically to address the challenge of background checks, NASSCOM, along with the support of the IT and BPO industry has constituted the National Skills Registry (NSR) - a voluntary, centralized pan-India database of all employees of the IT services and BPO companies in India.

NSR contains third party verified personal, qualification and career-related information of IT–BPO professionals. As of September 2007, over 150, 000 employees across 43 companies are registered with NSR. With the positive response received by the industry, the target is to take this number four times over to touch 500,000 by April 2008. NASSCOM will also be rolling out a road show series to generate awareness in the next six months across eight cities beginning October 2007.

This initiative includes creating, operating and maintaining a national database of employees working in the IT-BPO sector in India. The objective of NSR is to improve recruitment practices in the Indian IT - BPO industry, which will in turn help in maintaining India's global competitive advantage. It is an employee-friendly measure to minimize any misuse of employee identity. The ownership of the data resides with the IT professional and prospective employers will be able to view the verified resume for a limited period of time, only if authorized by the professional, thereby protecting the privacy of an employee's personal details.

The NSR offers benefits to all stakeholders. Among other benefits, employees will have certified resumes verified by a recognized agency, thereby offering them a preferential status in the industry; every time an individual changes jobs, he will not have to go through the verification process, and last but not the least, as more and more IT professionals join the database, the industry may decide to recruit only such candidates that have registered in the database. For employers, it checks the menace of bloated resumes as pre-verified facts are available for cross-checking, the risk of engaging any employee on the basis of fake/forged documents is minimized, the benefit of a background check done by any of the NASSCOM member companies will be available to all other members of the industry (provided they have joined the NSR). This will save cost and time involved in having background check done.

Some of the other security oriented initiatives by this industry to maintain India's leadership position in the outsourcing are the Data Security Council of India (DSCI), NASSCOM's ongoing multi-pronged Trusted Sourcing' Initiative to strengthen the regulatory framework and further improve India's attractiveness as an outsourcing destination - targeted at employees, organizations, enforcement agencies and policy amendment, through a '4E Framework' - Engagement, Education, Enactment and Enforcement, and the recently announced Best Practices in Ethics Framework for the ITES-BPO industry under which NASSCOM will launch an industry wide HR management guidelines for the ITeS–BPO industry with an aim of creating a set of guidelines which will help in attracting and retaining talent and solving the issue of attrition to a large extent.

The Best Practices in Ethics Framework has been designed around employee friendly policies, safety and security of employees, code of ethics in hiring and corporate social responsibility.

With all these initiatives underway, NASSCOM and the industry are continuously striving to ensure India remains the safest destination for the outsourcing industry and will leave no stone unturned to achieve this objective.

(The author is an IPS officer and former director of cyber security and compliance at NASSCOM. He is also part of the newly formed Data Security Council of India. The views expressed in the article are of the author's. CyberMedia News of the CyberMedia Group need not necessarily subscribe to the views mentioned in the article either in full or in part.)