The Confederation of Indian Industry (CII) has initiated an 'Audit Facilitation' service for the US industry that lets US companies route their requirements of conducting information security audits of Indian companies in the BPO and other sectors through the CII — thus being assured of the audit integrity without having to initiate expensive and onerous due-diligence processes in selecting trusted security partners.

Under US laws, the US Company outsourcing its processes to India bears the onus of ensuring that the Indian BPO company meets applicable security and privacy requirements. For this, the US firm has to conduct regular security audits of the Indian BPO firm.

Given the geographical dispersion, it becomes cost-prohibitive for the US firm to conduct these audits on its own. Therefore, they are increasingly found to be seeking liaison with Indian security companies to whom they can outsource the security audit function. However, given the sensitivity, the US firm requires to be assured on their 'audit integrity'.

For the foreign company to select such trusted firms is an onerous task. For instance, a leading US financial institution had sent its appraisal team to India for six weeks to evaluate security firms across the country. Typically, such a process could take anywhere from three to five months.

CII — as India's premier business association, non-governmental, not-for-profit and non-aligned — is uniquely placed to serve as mediator for US firms seeking to vet Indian companies to allay their security concerns. US firms routing their security audit requirements through CII, would be assured of integrity without having to initiate expensive due-diligence processes in selecting trusted security partners.