December 2010
The Importance of
Data Confidentiality and Security in Outsourcing
Considering data confidentiality and security is of paramount importance when embarking on an outsourcing program, particularly for regulated entities in the financial services sector. Contrary to popular belief, the responsibility to comply with privacy and data confidentiality regulations is not passed on to the outsourcing services provider, but rather remains with the purchaser of outsourcing services. Therefore, buyers of outsourcing services are well advised to closely examine how prospective outsourcing service providers deal with physical and information technology security, as well as data confidentiality.
Assessing an outsourcing provider’s data confidentiality and security capabilities begins with knowing what to ask. We have compiled a series of helpful questions to ask service providers regarding how they address a potential buyer’s concern about this important matter.
Physical Security
  • Do the processing site and data centre have a secure and controlled data centre environment with fire suppression, emergency power supply (UPS and generator), cooling, and building security?
  • What is the process for personnel to gain entry to processing sites and data centres?
  • Are electronic devices (such as mobile phones with cameras) admitted into processing sites and data centres?
  • Is there a ZERO right to privacy policy in place for processing sites and data centres?
  • Is there video surveillance?
  • How many layers of physical authentication exist to access the processing sites and data centres?
  • Are biometric authentication procedures used?
Information Technology and Data Security
  • What are the procedures to ensure that only authorized users have access to data?
  • Are periodic background checks performed on personnel with access to data?
  • Are your processes/procedures certified (i.e., ISO, COBIT)?
  • Are your processes/procedures and controls independently audited?
Data Confidentiality
  • What measures are used to secure data transfers between all related parties?
  • Is confidential data redacted according to user access rights?
  • Does the processing centre provide for a secure processing environment (no means to copy/print/email data)?
Choosing the right outsourcing service provider partner is an important element of the outsourcing process. While the questions above are not by any means comprehensive, they provide a solid starting point for obtaining sufficient information to make an informed assessment of an outsourcing service provider’s data confidentiality and physical and information technology security capabilities. Ultimately, the results of this assessment should flow through to the contractual components, including the master service agreement, statement of work and service level agreement.
Amicorp BPO Services understands the impact of a data security breach and has the processes in place to prevent such a breach. As a regulated financial services entity, Amicorp is aware of the significance of proper data controls and physical security and, to this end, effectively uses the know-how and infrastructure of our IT and Business Process Outsourcing business unit. With a data centre in Switzerland secured by five layers of physical security and ISO certified processes, Amicorp delivers secure outsourcing solutions to clients around the globe. Furthermore, Amicorp has developed a unique solution that encodes data coming from the client so that processing personnel cannot see the encoded fields during processing. After processing, the encoding process is reversed when data is returned to the client, thus ensuring comprehensive data confidentiality during the entire processing cycle.
For more information please visit or contact one of our sales representatives:
Mar Hernandez
BPO Sales & Marketing Director
Hanno de Vriend
BPO Director
Fernando Cancino
BPO Sales Executive
Download this article
Also read this in Spanish
© Amicorp Group