Indian Outsourcer Complies With U.S. Security Laws - InformationWeek


Indian Outsourcer Complies With U.S. Security Laws

Patni Computing Systems has instituted measures to strictly adhere to HIPAA and the Sarbanes-Oxley Act.

Mumbai, India, might seem to be a strange place to institute rigorous IT safeguards to comply with the tough provisions of the HIPAA and Sarbanes-Oxley acts, but Indian outsourcing firm Patni Computing Systems has instituted measures to strictly adhere to those two U.S. security provisions.

With U.S. clients sending data to Patni's Mumbai headquarters, the Indian outsourcing firm has found that it must protect and secure the data--not only from potential standard incursions, but also to comply with the two security- and privacy-oriented acts. "We have to make sure our software is HIPAA and Sarbanes-Oxley compliant," Satish Joshi, Patni's chief technology officer and senior VP, said Wednesday in an interview. "When a U.S. customer runs the software, it has to be compliant."

Patni has several U.S. medical-insurance clients who specify that the offshore outsourcing firm comply with HIPAA, the Health Insurance Portability and Accountability Act of 1996. In addition, Patni has a few clients who must comply with the Sarbanes-Oxley Act, which calls for strict compliance with financial and accounting standards.

Joshi said Patni develops software for U.S. medical-insurance firms, and that software must meet the standards set by HIPAA for the protection of patient records. The emphasis is on creating software that can be used in the United States for HIPAA-compliant work and is not involved with the actual patient records. Software developed for U.S. financial firms must, likewise, comply with the accounting and financial standards set by Sarbanes-Oxley.

Joshi, who oversees Patni's security and privacy issues, indicated that the safeguards to comply with HIPAA and Sarbanes-Oxley are just an extension of the company's existing security measures. Data from U.S. businesses typically is encrypted and sent to India over fiber-optic lines, but occasionally over satellite links. Encrypted data "is practically unbreakable," he said, adding that he does not know of any case where encrypted transmitted data has been broken. "We don't use disks or tapes to transmit data."

Noting that Patni's U.S. clients regularly visit the company's data center in Mumbai--the Indian city formerly called Bombay--Joshi said they find security and privacy safeguards to be as rigorous as they are in the U.S. Access to the firm's data center is tightly controlled and restricted, individuals' access to data is specific and limited to work specified, no magnetic media can be removed or brought into the data center without tight controls, and data backup and storage are controlled.

"Our clients need assurance that data is actually destroyed after work is done," Joshi said. "Most clients have their own security standards that they have to comply with. They can review our [quarterly] security audit reports."

The firm also requires its employees to sign non-disclosure agreements. "We know that people can carry information in their heads," he said. "So we have rigid non-disclosure pacts."

Patni generally follows the security and privacy guidelines set by the ISO 17799 and BS 7799, international and British security standards, respectively.

Patni maintains its U.S. headquarters in Cambridge, Mass., where the firm began after its founder, Naren Patni, graduated from MIT 25 years ago. It has more than 15 offices in the United States, and its roster of 150 clients includes big U.S. companies such as Coca-Cola, General Electric, Guardian Life Insurance, and Putnam Investments.
