Tweet

Data Security & Outsource Service Providers

Guest post by: Arthur Rothberg

Article Overview: Contracting with outsource business services partners frequently brings with it the need to share highly confidential and proprietary data. This article looks at best data security practices that should characterize the working relationship and be included in the contract between companies and their BPO service providers. Areas addressed include who should own data security when working with an outsourced provider, questions to ask BPO providers, and data new security technologies including continuous online backup and remote data wipe-out if a provider’s device is stolen.

Data Security & Outsource Service Providers

Successful outsourcing requires successful risk management. Be sure your outsource services provider is doing everything possible to protect the security of your sensitive data.

Business process outsourcing (BPO) offers benefits in the way of cost savings, efficiency gains, and access to specialized knowledge and expertise. However, professional service providers such as CFO services, CPAs, human resources providers and investor relations consultants require access to sensitive data assets to function effectively. In evaluating outsource service providers, it is important to focus heavily on data security and to ensure that the providers' solutions have security and risk mitigation built in at every level. Indeed, when selecting an executive service provider, data security should be considered a top priority along with other evaluative criteria such as cost or convenience.

High stakes

Regulatory compliance is a major driver when it comes to the need for data risk mitigation. In recent years, fines and legal sanctions resulting from data breaches - or even the possibility of data breaches - have become more common and far more costly. Lost, leaked or stolen data costs firms and consumers billions of dollars annually. In addition to the financial liability, the PR impact can be enormous, leading to loss of confidence among clients, investors, and the general public.

With this in mind, it is imperative that language around security needs and expectations be prominent and explicit in all outsourcing contracts. Similar to contractual non-disclosure and confidentiality statements, the security terms should leave no gaps or ambiguities that would allow either party to make incorrect assumptions. Specific requirements as dictated by statute, compliance regulations, corporate governance policies, and risk-reduction best practices should be spelled out clearly and completely.

Guard your data assets

While BPO providers continue to address security challenges, it is incumbent on the enterprise executive responsible for the outsourcing partnership to conduct due diligence and maintain awareness about what the provider is doing to ensure data asset security. Some questions to ask include the following:

• How and where are data files being maintained in terms of onsite, offsite and portable devices?
• Who has access to the firm's data assets?
• What encryption protocol is being used to protect the data assets?
• How, where and how often is the data being backed up?
• What software is being used to manage and manipulate the data?

If the provider delivers services from the cloud, the due diligence should includes assurance around the security of the cloud solution.

New data security technologies

The explosion in the use of laptops, notebooks, notepads, smart phones and other mobile devices to conduct business presents special data security challenges. Fortunately, there are new technologies designed to address remote data security that can be built into outsourcing strategies. Some best practices for remote file storage, file sharing, backup and data protection include the following:

1. Remote wipe-out and device recovery

If a device containing data assets is hacked, stolen, lost or misplaced, the data can be remotely erased and then recovered from a remote server. In addition to wiping the data clean remotely, some services can and identify the IP address of the thief.

2. Continuous online backup

If a device containing sensitive data is lost, damaged or destroyed, or the data itself is compromised or corrupted, continuous online backup ensures that the data is regularly saved on a remote server or in the cloud. Multiple generations of the data can then be recovered.

Back up company data before disaster hits

A review of data security as it relates to working with BPO providers prompts a look at how you're addressing your ongoing internal data security practices. What if all your company's data - email, financial records, word documents, database contacts, accounting files, plus everything else on the computer system - were wiped out completely? What would it take to restore or recreate all that data from scratch? Regular data backups are essential to protect against data-loss catastrophe. The backup plan should address the following areas:

• A precise description of the data to be backed up
• The location for the backup
• The frequency of backups
• Regular testing of backup to ensure accurate restoration
• The person responsible for backups

Among a firm's most critical data assets are financial and accounting records, and they require the most frequent backup, preferably daily.

In summary

Contracting with outsource business services partners frequently brings with it the need to share highly confidential and proprietary data. Best data security practices suggest the working relationship and contract include the following guidelines:

• The executive managing the outsource relationship should own the data security issue.
• Query potential contractors on their data security practices and technology.
• Request that contractors provide for backup and remote wipe-out if one of their devices is lost.
• Include language in your contracts with outsourcers to address data security just as you would include language around fees, terms, deliverables and non-disclosure.

Maintaining a laser focus on data asset security is a key differentiator for premier business process outsourcers. The use of best practices and cutting edge technology to provide best available data security and prevent catastrophic loss of data enables firms to align the cost-savings and efficiency benefits of outsourcing with responsibilities related to risk management and data asset security.

Related Articles
  Outsourcing and IT Services
  10 things to consider when looking at Cloud services.
  How to Develop Organizational Culture in an E-Business
  Security Concerns with Cloud Computing Services
  How to maintain data privacy?
  Managing your Brand in an Insecure World
  Data processing Requirements
  Is Your Cloud Provider Sidestepping Security?
  4 Reasons to Use Online Backup Services
  Hosting Service Providers in India: Ways to Solve Outgoing Spam Problem
  VPN vs. Cloud Computing
  Data Security is Mandatory
  Indian Hosting Company: Physical Security in the Datacenter
  News for Software Outosourcing Development
  Data Loss - The Scariest Term in Business Today
  Make Outsourcing A Strategic Business Decision For Your Small Business
  Excel Spreadsheets for Time Tracking - Hazard or Handy Tool?
  Hire Data Entry Support to get quality data entry services at cost effective rates
  The Case for Outsourcing
  The Market and Marketing Side of Custom Sleeve Printing

Article Tags: back up, backup, best practice, bpo, business process outsourcing, CFO services, challenge, cloud, data, data security, encryption, online, outsource, policies, processes, protect, recovery, remote, restore, risk mitigation, security, service, wipe out



Related Forum Posts
Re: Ways to Boost Productivity - 1. Give Employees More Than a Paycheck 2. Provide Better eSupport Channels to Promote Self-Service 3. Complete your most dreaded tasks first thing in the morning. 4. Outsource as much as possible 5. . Turn off the TV.
Re: Service Or Product? - I agree with starting a Service-based Business in the economy. Here is what I think is critical: 1. Researching that your Service business has a market. 2. Marketing the Service with as much leverage as possible. 3. Product-izing the Service (aka Package Expert Knowledge). This will only help elevate you as "the" expert in your niche and make you accessible to people in different price points.
Re: The Mobile Marketing - Mobile Marketing involves communicating with the consumer via cellular (or mobile) device, either to send a simple marketing message, to introduce them to a new audience participation-based campaign or to allow them to visit a mobile website. Some of the tools of the trade and a few of the concepts that will be featured in this Mobile Marketing 101 series are: Multimedia Messaging Services (MMS) Unstructured Supplementary Service Data (USSD) Bluetooth, Wireless and Infrared Mobile Internet and Social Media Mobile Applications Mobile connectivity not only enables people to connect to the Internet via a cellular telephone, PDA or other gadget, but also consolidates the different communication channels in a simple, yet effective, medium. Cheaper than traditional means for both the consumer and the marketer - and easy enough for almost any age group to understand and engage with - Mobile Marketing really is a streamlined version of traditional eMarketing.
Re: Template of Service Agreement/Contractor Agreement - Shimmy- I, too, would be happy to share my template contract for a service provider. But beware, a template agreement may not be sufficient to properly address your needs. Some key differences between Employees and Service Providers: 1. Tax Status. Employers are responsible for withholding tax on employee's earnings. Independent Contractors are responsible for reporting their income/taxes. There is a significant reporting burden and liability associated with this. 2. Confidentiality/Intellectual Property. Often times, employee handbooks will specify an employees confidentiality obligations and many states impute a duty of loyalty. Contractors are under no such obligations absent a written agreement. Same thing for IP/Creative works. The copyright Act draws a sharp and significant distinction between employees and contractors when it comes to ownership of creative works. 3. Liability for tortious acts. Generally an employer is liable for the tortious acts of its employees under the theory of respondeat superior. An entity hiring a contractor may/may not be liable, but without a written agreement for the contractor to indemnify/defend the hiring entity, their may be little recourse against the contractor. There are many other subtle differences too numerous to mention. I hope you find this helpful.
Re: What's the best anti-virus/spyware software? - I use home AVG Internet Security and I'm pretty satisfied with it.


Share this article with your friends. Fund someone's dream.

Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.

Newsletter

Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!

Name:
Email:

Popular Articles

Here's a great ROI

Good News Travels Fast

ROSI Return on SUNK Investment

Suggestions

Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.