Hi All,
We are a mid-sized BPO organization providing services to the domestic sector primarily in the financial services domain. Our operations are hugely decentralized as we're dealing with a wide spectrum of processes right from Feet On Street to high-end KPO segments.
We want to get a sign-off from all our employees on a data security undertaking. Can someone please help me with a sample document on the same?
Thanks,
Sameer
From India, Mumbai
Sameer, first, buy a copy of ISO 27001. There are 127 controls; formulate a policy/framework, etc., and work systematically.
The second step is to spend a very small sum of 5,500/- and get a few of your employees trained on the same from CETE, Noida. Piecemeal approaches cause more harm than benefit; for example, getting a simple document signed from your employees will not help you or your customers. Another example is the lack of background checks among employees. If an employee commits fraud, then it's difficult to estimate liabilities/loss of goodwill.
Surya Vrat
From India, Delhi
Thank you, Surya Vrat :)
We have procedures like background checks in place since the industry we're servicing is quite susceptible to fraud. These processes have been in place for quite some time.
The problem here is that we're in a crucial transition phase on various fronts, right from the structure of the organization to the business model. We started off as a staffing and manpower providing organization under individual control. And now, we're evolving into a professionally managed BPO working on an SLA-based business model. The catch is that this transition is happening at an extremely rapid pace, thus leaving very little breathing space.
So far, there were no written policies on anything and now, within the span of just 2-3 months, we are working on drafting policies that will lead to certifications like BS-7799, ISO27001, eSCM, etc. The constraint here is not budgets but time.
Anyways, thanks again for your inputs. It was really appreciated.
From India, Mumbai
You would need to start awareness trainings among the staff about the criticality of business information handled and work accordingly. For example, no removable media on PCs/mobiles/cameras, etc. Implement a clear desk and clear screen policy, i.e., use a shredder and provide lockers to staff to keep their belongings out of the operational area.
Implement a cascading system of logins, where the manager logs in first, followed by the team leader, and then others. PCs should log off after a defined period of inactivity. Background checks can be very cumbersome, and most organizations simply do not know how to handle them. A complete check should start from nativity and trace the individual's footprints till date.
How else would you know whether the person could be a sleeper cell of a terrorist organization? (Most spies/terrorist kingpins lead normal lives and are impossible to identify otherwise.) A simple cross-check of certificates or a couple of past organizations doesn't provide much insight.
In the US, there are two types of credit reports: one based on hard data, and the second is called investigative CRA, which is based on subjective details from neighbors/old pals, etc.
Surya
From India, Delhi
Addon:
Are the agents trained on the Data Protection Act, Distance Selling Directive, Telemarketing Sales Rule, Fair Debt Collection Practices Act, Fair Credit Reporting Act, Equal Credit Opportunity Act, HIPAA, CAN-SPAM Act, Communication Decency Act, Telecom Regulations (Lawful Business Practices & Interception of Communication) Act, etc.?
Surya
From India, Delhi
Till a couple of months ago, they weren’t. But now, I’ve implemented training modules on quite a few regulations and legislations that are relevant to their specific roles.
From India, Mumbai
Dear Member,
Hope all is well. I am pleased to receive constructive criticism; thank you for your comment. I do not feel any sense of irritation, as I have assisted numerous members in resolving their queries.
I firmly believe in the adage, "Teach a man to fish instead of giving him a fish," as this will enable him to catch fish for a lifetime.
Any additional comments you may have are always welcome.
All the best,
From India, Coimbatore
My idea was not to criticize. I just wanted to point out the fact that most of us are seasoned on discussion forums enough to know the basic tenets of searching. Posts like the one under discussion now should be used sparingly - only when you know for sure that the topic under discussion is an oft-discussed one and the person having posted will definitely get more than what he/she's currently getting by searching through keywords. But the way I've seen it happening over the few days that I've been on these forums, you post it on practically every single thread active on a particular day. Not the right approach in my opinion.
Cheers! :)
From India, Mumbai
Dear Mr. Sardhar,
God alone has the power to judge others! This is what every religion teaches... yet Peer, did you learn something from what this gentleman is advising you on... the learning is: what you are doing is absolutely correct, but only in case of inquiries being posted by members who are delving into any topic for the first time.
Yet, don't you agree that some of the inquiries are not standard... don't customer service/ technical support guys add something to the FAQs each single day?
My dear friend Sardhar, let me share a ritual in Haj... don't people sit without food/drink and no talk either under the scorching sun on a barren hillock, surrounded by millions yet talking to nobody... just contemplating the ever-merciful Allah.
Sincerely yours,
Surya Vrat
From India, Delhi