Business process outsourcing (BPO), such credit card transactions, medical claims data entry and financial transactions, has been around for a number of years. The act of outsourcing these functions offshore to India has become increasingly more viable since a great amount of progress has been achieved in developing the information security framework to protect customer data.

Many of the risks in outsourcing to India based companies have been mitigated through trial and error along with the adoption of best practices emerging from all parts of the globe. Over the past 7-10 years, many security risk analysis and reviews have resulted in controls being implemented in most facets of security: administratively, physically and technically. Contracts now have the appropriate language to protect sensitive data and physical security measures have been built to align with the client’s company policies and standards. The technical measures continue to build upon a strong foundation built in partnerships with government and outsourcing firms.

As we gain the benefits of this maturing environment, it becomes increasingly challenging for the India based outsourcers to remain competitive in the world economy. Many outsourcers realize this issue and have turned to China for the answers.


As businesses attempt to keep variable cost structures intact and operational costs down, China presents itself favorably. India based outsourcers are starting to reduce their costs by outsourcing your BPO process to China to remain cost competitive and offset client defection. This change allows them to remain competitive in the world economy but this places a big question back on the security risks we have started to overcome with India over the past few years. No matter which way this outsourcing arrangement occurs, one point remains the same… new data distribution points means increased risk and exposure for companies and their customers until they are reassessed.

On the surface the BPO outsourcing appears as a reduction in the cost associated with the outsourcing partner. From an information security perspective, red flags should pop up early, especially in the review process, to question the cost savings and how it will be achieved in light of potential increases in due diligence and due care. Information security brings enormous value to the table since part of our mantra is to ensure that businesses can truly keep those cost savings it expects while maintaining the proper security posture.