Data Security Undertaking

narcissist
Hi All,
We are a mid-sized BPO organisation providing services to the domestic sector primarily in the financial services domain. Our operations are hugely decentralised as we're dealing with a wide spectrum of processes right from Feet On Street to high-end KPO segments.
We want to get a sign-off from all our employees on a data security undertaking. Can someone please help me with a sample document on the same?
Thanks,
Sameer
svsrana
sameer,
first buy a copy of ISO 27001.
there are 127 controls, formulate a policy/ framework etc. and work systematically.
second step is to spend a very small sum of 5,500/- and get a few of your employees trained on the same from CETE, Noida.
piecemeal approaches cause more harm than benefit, e.g. getting a simple document signed by your employees will not help you or your customers.
another e.g. is lack of background checks amongst employees; if an employee commits fraud, then it's difficult to estimate liabilities/ loss of goodwill...
surya vrat
narcissist
Thanks Surya Vrat :)
We have procedures like background checks etc. in place since the industry we're servicing is quite susceptible to fraud. These processes have been in place for quite some time.
The problem here is that we're in a crucial transition phase on various fronts...right from the structure of the organisation to the business model. We started off as a staffing and manpower providing organisation under individual control. And now, we're evolving into a professionally managed BPO working on a SLA based business model. The catch is that this transition is happening at an extremely rapid pace, thus leaving very little breathing space.
So far, there were no written policies on anything and now, within the span of just 2-3 months, we are working on drafting policies that'll lead to certifications like BS-7799, ISO27001, eSCM etc. The constraint here is not budgets, but time.
Anyways, thanks again for your inputs. It was really appreciated.
svsrana
you would need to start awareness trainings amongst the staff about the criticality of business info handled and work accordingly

e.g. no removable media on PCs/ mobiles/ cameras etc.

clear desk and clear screen policy, i.e. use shredder, give lockers to staff to keep their stuff out of operations area.

cascading system of logins, i.e. manager logs in, then TL, then others.. PCs log off after a defined area of activity.

background checks are very cumbersome and most of the organisations simply do not know how to handle it. a complete check starts from nativity and traces the footprints of the individual till date.

how else would you know whether the person could be a sleeper cell of a terrorist organisation (most spies/ terrorist kingpins lead normal lives and are impossible to identify otherwise)

a simple cross check of certificates or a couple of past organisations doesn't do much.

in US there are 2 types of credit reports

one based on hard data

the second, called investigative CRA, is based on subjective details from neighbours/ old pals etc.

surya
M.Peer Mohamed Sardhar
Dear Friend,
Although I am unable to give the exact information you require, kindly click on the following link, it will give you some required information:
https://www.citehr.com/search_new.ph...rity&submit=Go
Pls let me know whether this information was useful.
If not, let me try out more & give information.
In CiteHR you will get A to Z information on HR.
Regards
M. Peer Mohamed Sardhar
093831 93832
narcissist
Hi Peer Mohammed...no offense meant. But it's extremely irritating to see that template based message from you on every single thread (I know I'm exaggerating here...but I'm not very far from the truth). Most of us who post here asking for some information do so after searching. I've seen this message posted by you completely out of context at many places. All you do is generate the search URL based on keywords in the topic. The way I see it, it's glorified spam. I was happier to see my post unanswered as compared to seeing this reply from you. I would request you to be a little more selective in according this "help" of yours.
svsrana
addon:
are the agents trained on Data Protection Act, Distance Selling Directive, Telemarketing Sales Rule, Fair Debt Collection Practices Act, Fair Credit Reporting Act, Equal Credit Opportunity Act, HIPAA, CAN Spam Act, Communication Decency Act, Telecom Regulations (lawful business practices & interception of communication) Act etc.?
surya
narcissist
Till a couple of months ago, they weren't. But now, I've implemented training modules on quite a few regulations and legislations that are relevant to their specific roles.
M.Peer Mohamed Sardhar
Dear Member,
Hope the Best,
I am happy that I am being criticized. Thank you for the comment.
I do not see any room for irritation. The same way I have helped many members to solve their queries...
I always believe in the following statement:
Teach How to Fish Instead of Giving the Fish, which will give him Fish all along the Life.
Any more comments are always welcome.
All the Best.
narcissist
My idea was not to criticise. I just wanted to point out the fact that most of us are seasoned on discussion forums enough to know the basic tenets of searching. Posts like the one under discussion now should be used sparingly - only when you know for sure that the topic under discussion is an oft discussed one and the person having posted will definitely get more than what he/she's currently getting by searching through keywords. But the way I've seen it happening over the few days that I've been on these forums, you post it on practically every single thread active on a particular day. Not the right approach in my opinion.
Cheers! :)