DSCI
Encyclopedia
The Data Security Council of India (DSCI)http://www.dsci.in/, which was set up by NASSCOM
in August 2008, has recently announced its best practices framework for data security
and data privacy
in Indian enterprises.
DSCI is a self-regulatory and not-for-profit organization, with a sole mission to promote India as a secure destination for outsourcing. DSCI wants to promote these best practices among IT business process outsourcing (BPO), service providers, banking and financial services, manufacturing, e-governance, telecom, public sector units (PSU) and e-commerce verticals.
Many Indian IT BPO and knowledge process outsourcing
(KPO) organizations serve clients from across various locations such as the U.S., U.K. and Australia. Hence these organizations are subject to these countries' data security and privacy protection regulations. According to DSCI, IT BPO players face major challenges when it comes to meeting multiple regulatory requirements and establishing the corresponding security controls. "After deep analysis of these compliance requirements and other emerging security risks, we decided to develop comprehensive best practices framework," says Kamlesh Bajaj, the CEO of DSCI. The IT amendment act 2008 also now necessitates that Indian enterprises implement reasonable security practices to protect personal data.
DSCI has developed separate frameworks for data security and data privacy. The security framework comprises 16 best practices organised in four layers which are basically an extension of the ISO 27001 standard. The privacy framework comprises 9 best practices organised in 3 layers.
Although several large Indian companies have already adopted the ISO 27001 standard, Bajaj feels that these organizations need more when it comes to data security and privacy. "The security threat landscape has changed over past few years, which calls for special attention. For example, ISO 27001 covers only a few aspects of application security. However, application security threats have become very sophisticated, and organizations need to evolve their security practices. DSCI's security framework tries to address such new threat areas with detailed understanding." says Bajaj. It consists of best practices in various areas like application security, business continuity, disaster recovery, threat management, infrastructure security, risk, compliance and access management.
The DSCI framework tries to guide organizations on how to create application security strategies, architecture, intelligence mechanisms, integration of applications security in the overall application life cycle management, testing of applications and vulnerability assessment.
The DSCI privacy framework is specially aimed at data protection practices for companies engaged in outsourcing. DSCI has developed nine best practice areas for protection of personal data, which include creating visibility over personal information, privacy policies, regulatory compliance intelligence, privacy contract management, and information usage.
DSCI is conducting pilot tests with Indian organizations and plans to have publicly available case studies by December 2009. Since the framework only covers best practices, DSCI plans to develop an implementation methodology that provides information on the technical and operational aspects of security best practices.
NASSCOM
The National Association of Software and Services Companies of IT software and services related activities for use of both the software developers as well as interested companies overseas....
in August 2008, has recently announced its best practices framework for data security
Data security
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of Information security.- Disk Encryption...
and data privacy
Data privacy
Information privacy, or data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them....
in Indian enterprises.
DSCI is a self-regulatory and not-for-profit organization, with a sole mission to promote India as a secure destination for outsourcing. DSCI wants to promote these best practices among IT business process outsourcing (BPO), service providers, banking and financial services, manufacturing, e-governance, telecom, public sector units (PSU) and e-commerce verticals.
Many Indian IT BPO and knowledge process outsourcing
Knowledge process outsourcing
Knowledge process outsourcing is a form of outsourcing, in which knowledge-related and information-related work is carried out by workers in a different company or by a subsidiary of the same organization, which may be in the same country or in an offshore location to save cost...
(KPO) organizations serve clients from across various locations such as the U.S., U.K. and Australia. Hence these organizations are subject to these countries' data security and privacy protection regulations. According to DSCI, IT BPO players face major challenges when it comes to meeting multiple regulatory requirements and establishing the corresponding security controls. "After deep analysis of these compliance requirements and other emerging security risks, we decided to develop comprehensive best practices framework," says Kamlesh Bajaj, the CEO of DSCI. The IT amendment act 2008 also now necessitates that Indian enterprises implement reasonable security practices to protect personal data.
DSCI has developed separate frameworks for data security and data privacy. The security framework comprises 16 best practices organised in four layers which are basically an extension of the ISO 27001 standard. The privacy framework comprises 9 best practices organised in 3 layers.
Although several large Indian companies have already adopted the ISO 27001 standard, Bajaj feels that these organizations need more when it comes to data security and privacy. "The security threat landscape has changed over past few years, which calls for special attention. For example, ISO 27001 covers only a few aspects of application security. However, application security threats have become very sophisticated, and organizations need to evolve their security practices. DSCI's security framework tries to address such new threat areas with detailed understanding." says Bajaj. It consists of best practices in various areas like application security, business continuity, disaster recovery, threat management, infrastructure security, risk, compliance and access management.
The DSCI framework tries to guide organizations on how to create application security strategies, architecture, intelligence mechanisms, integration of applications security in the overall application life cycle management, testing of applications and vulnerability assessment.
The DSCI privacy framework is specially aimed at data protection practices for companies engaged in outsourcing. DSCI has developed nine best practice areas for protection of personal data, which include creating visibility over personal information, privacy policies, regulatory compliance intelligence, privacy contract management, and information usage.
DSCI is conducting pilot tests with Indian organizations and plans to have publicly available case studies by December 2009. Since the framework only covers best practices, DSCI plans to develop an implementation methodology that provides information on the technical and operational aspects of security best practices.