Things Outsourcers Can Do Now to Convince Clients of Data Security

CDM Media’s Senior Director of Content & C-Suite Communities, James Quin is regularly cited in various media stories across a variety of industries. But leading up to these article inclusions are many conversations and insightful commentaries which don’t always make the publication. In this weekly (or more!) new section, James shares his responses to a myriad of tech topics he discusses with journalists. 

Background digital image of world map with connection lines

 

It’s no secret that data security is a top concern when it comes to outsourcing. In a recent discussion with a reporter from Nearshore Americas, James Quin shared some key insights when it comes to instilling client confidence:

The things that an outsource provider can do to help address the concerns of their customers and potential customers fall, realistically into two camps. The first is anticipate the kind of concerns and questions that a client might have and implement systems and controls to address them, and the second is to obtain some form of independent third party verification of the implementation and efficacy of those controls so that clients aren’t just taking your word on it.

For the first area, the concerns and controls themselves much of it is going to revolve around data protection and data management so be prepared to ask questions about encryption, access controls, backups, disaster recovery, network and systems reliability and redundancy, and even employee screening protocols. Really, anything that can have an impact on the confidentiality, integrity, and availability of the data must be assessed and controls to manage it put in place.

For the second, there are a number of options that are available. For a long time the standard has been SAS 70 Type II certification but SAS 70 is being phased out in favor of SSAE 16. These are audited verification of across the board controls, not just IT and security but are applicable. For technology-specific concerns something like ISO27001 goes a long way as well. Be also prepared to share historical data, not just the latest report so that clients can see a trend of trustworthiness, not just a point in time measurement.

To learn more or attend one of our CISO Summits, visit http://www.cisosummits.com/

 

Leave a Reply

Your email address will not be published. Required fields are marked *