Original URL: http://www.theregister.co.uk/2006/05/12/indian_security/
Indian IT firms look for data security chief
Employee database ain't enough
The Indian IT industry is setting up an organisation to police data security among firms handling outsourcing contracts from countries such as the UK.
The move is intended to counter fears raised by reports last year of security breaches involving data held by Indian services firms on behalf of Western banks.
The National Association of Software and Service Companies (Nasscom), an Indian trade association, has already introduced a database to police IT workers.
It is now searching for a CEO to launch a Self-Regulatory Organisation (SRO) to set and police ethics in the Indian IT services workplace. Nasscom will launch the body, but insists it will be run independently after a year.
In a briefing paper, Nasscom said the SRO would lay out a code of ethics and would see that Indian outsourcers adhered to them with a regime of "self-certified" and "third-party" audits.
The paper said the new organisation would be responsible for training staff and managing a membership of companies, which would face expulsion if they breached security standards.
Nasscom is backing a stronger legal framework for data security, a topic that is being debated in the Indian Parliament this year.
Nasscom claimed to have already been responsible for training 2,000 police officers in cybercrime investigating. ®