India's leading Information Risk Management (IRM) company
  About CII SecureSynergy: ISO27001 certified company          
 
IRM - A BPO Imperative
 

Organisations wanting to outsource their business processes to India are motivated by cost savings. However, they remain obligated to conform to their local legislative and regulatory regime. In many cases, this regime also extends to the Indian company undertaking the outsourced work on behalf of its foreign principal. The company outsourcing its processes bears the onus of monitoring the Indian BPO company to ensure compliance with legislative and regulatory requirements. For instance, the Gramm-Leach-Bliley Act (GLBA) places the onus on the financial institution outsourcing its processes to India to ensure that the Indian BPO company complies with the applicable security and privacy requirements. Under this legislation, the financial institution needs to oversee, on an ongoing basis, all the activities occurring around the outsourced work to:

 

- ensure the security and confidentiality of its customer records and information
- protect against any anticipated threats or hazards to the security or integrity of such records
- protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to a customer
 

What this means is that foreign companies wishing to outsource their processes to India need to assure themselves not only of the 'quality capability' of the prospective Indian companies they intend to contract with, but also (and perhaps more importantly) of the 'security capability' that these Indian BPO companies possess. The security factor has thus become vital to the growth of the Indian BPO industry.

Security certification services
Just as the CMM certification is an indicator of the 'quality capability' and maturity of a firm, the BS 7799 certification points to the 'security capability' and maturity of the firm in managing information security systems. The BS 7799 certification provides a high level of security assurance to the prospective foreign firm wishing to outsource its processes. Such a firm will therefore look for Indian BPO companies that have this certification in preference to those that do not. Thus, the number of Indian BPO companies urgently seeking the BS 7799 certification is expected to be huge.

Security audit services
Newer threats to information infrastructures emerge each day, underlining the need for information security checks that are relentless and that evolve constantly. Since the foreign company has to (by regulatory requirement) maintain an 'ongoing oversight' on the Indian BPO firm, it must perforce conduct regular security audits of the Indian BPO firm's information security arrangements, to ensure that they are in line with the threat environment.

Given the geographical dispersion, it becomes cost-prohibitive for the foreign firm to conduct these audits on its own. Therefore, foreign firms are increasingly found to be seeking liaison with Indian security companies to whom they can outsource the security audit function. However, given the sensitivity, the foreign firm should be able to rest assured that the issue of 'audit integrity' is sacrosanct. Thus, the relationship between the Indian security firm and the foreign company can only be founded on trust and world-class professional ability.

 
 
 
 
 
 
 
 
 
 
 
 
Information Risk Management (IRM) Service for Industry
in partnership with SecureSynergy
 
 
 
 
 
 
All rights reserved :: Confederation of Indian Industry (CII) © Copyright 2004-2008