How Offshore Providers Ensure Data Security | Article

lock and keyToday, outsourcing buyers are exploring the possibility of including an offshore component in their outsourcing strategies. The value proposition is just too compelling to ignore, given the economic slowdown in America and the labor arbitrage savings employing near shore and far shore workers.

Data security is a worry for buyers. Today offshore employees touch many sensitive financial documents: income tax returns, mortgage loan documents, credit card payments and auto leases, to name a few. Many insurance companies process their medical claims offshore. How can buyers be sure their data remains safe?

We asked Clarence Schmitz, Chairman and CEO of Outsource Partners International, Inc., (OPI) a New York, New York-based service provider with an Indian component, how his company ensures the data provided by its buyers is secure.

BER: How can you be certain your employees in America and India are trustworthy?

CS: We do extensive background checks on all our employees – both onshore and offshore.

BER: How can you be certain the buyers’ documents are safe?

CS: Their documents never leave their offices. We have them scan the documents into our system. If we’re doing tax returns for CPA firms or recording accounts payable for a manufacturing client, the original documents remain secure in their offices.

BER: Can malfeasants in your offshore offices tamper with the servers?

CS: None of this data resides outside the U.S. because all of our servers are here in America. Our offshore workers access the data from the servers here.

BER: Can you trust the Internet?

CS: We never use the Internet to transmit data. We only use proprietary lines and relays and apply the latest encryption techniques.

BER: How do you prevent someone in your Indian offices from copying the data?

CS: None of our computers in India have removable media drives. None are wired to a printer. And we’ve disabled their email capabilities. We don’t allow paper, pencils or pens at any work station.

Our offshore employees sit at a desk with two computer screens. The first screen shows the scanned data. They enter data into the second screen. These are manual processes like entering data into pre-formatted input and output screens. Our Indian employees respond to predefined formats. For example, in our income tax work, our Indian workers are populating the standard forms with data from the accountant.

BER: What about visitors? Can’t they see sensitive information on those computer screens?

CS: First of all, we never allow tours of our premises during working hours. We give tours when everyone has gone home and the screens are blank. Access to our building and our floors is restricted. And we hire armed guards who patrol our floors 24/7.

BER: What office procedures do you have to ensure policies are followed?

CS: We have very detailed office procedures. We have met the ISO 9001: 2000 requirements.

BER: Do your offshore offices have American supervision?

CS: Yes. For example, during tax season, we send U.S. CPAs to India to supervise the preparation of U.S. tax returns.

To sum up, protection of our clients’ information is of paramount importance, whether here or abroad. I maintain we employ higher security standards at our facilities, including those in India, than most CPA firms in the U.S.

BER: I didn’t pass a guy with a gun when I went to pick up my tax return!

Lessons from the Outsourcing Journal:

  • Outsourcing service providers are concerned about data security. OPI, for example, does not use the Internet to transmit data. It installed proprietary lines and uses encryption.
  • Its Indian employees cannot copy data because there are no removable computer drives, email capabilities or printers. Even pencils and paper are forbidden.
  • OPI does not allow visitor tours during working hours and has hired armed guards to protect its office.


Post a Comment

Your email address will not be published.

( required )

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>