Home       Top Rated       Submit Article     Advanced Search     FAQ       Contact Us       Lawyers in India       Law Forum     RSS Feeds     

Register your Copyright Online

We offer copyright registration right from your desktop click here for details.

Latest Articles | Articles 2014 | Articles 2013 | Articles 2012 | Articles 2011 | Articles 2010 | Articles 2009 | Articles 2008 | Articles 2007 | Articles 2006 | Articles 2000-05

Search On:Laws in IndiaLawyers Search

Mutual Consent Divorce in Delhi
We provide fast, cost effective and Hassle free solution.
Contact us at Ph no: 9650499965 (Divorce Law Firm Delhi)
File Caveat in Supreme Court
Contact Ph no: +9650499965

Main Categories
 Accident Law
 Animal Laws
 Aviation Law
 Bangladesh Law
 Banking and Finance laws
 Case Laws
 Civil Laws
 Company Law
 Constitutional Law
 Consumer laws
 Contracts laws
 Criminal law
 Drug laws
 Dubai laws
 Educational laws
 Employment / Labour laws
 Environmental Law
 family law
 Gay laws and Third Gender
 Human Rights laws
 Immigration laws
 Insurance / Accident Claim
 Intellectual Property
 International Law
 Juvenile Laws
 Law - lawyers & legal Profession
 Legal Aid and Lok Adalat
 Legal outsourcing
 Media laws
 Medico legal
 Real estate laws
 Right To Information
 Tax Laws
 Torts Law
 Woman Issues
 Workplace Equality & Non-Discrimination
 Yet Another Category

More Options
 Most read articles
 Most rated articles

Subscribe now and receive free articles and updates instantly.


Published : September 10, 2014 | Author : hitechlpo
Category : Legal outsourcing | Total Views : 2936 | Rating :

Snehi Kumari Legal Process Manager at Hi-Tech LPO having nearly Six Years of significant experience in LPO services. Currently working as Manager at Hi-Tech LPO and Having comprehensive insight and exposure to streamlining internal procedures; quality control methodologies; and broad areas of project management. Capable of handling administrative functions and sensitive projects effectively. Result oriented and ability to work as a team and get along with clients and colleagues. Having strong leadership and organizational skills and ability to handle work under pressure to meet deadlines.

Assessing Information Security in the course of an LPO Vendor Site Stopover

General Counsels need LPO vendors to select an applicable standard, implement it meticulously and subject their operations to periodic testing by a self-governing third party. Some uses of LPO will be less critical with regard to the information security but for organizations aiming to utilize intricate LPO vendors or to outsource work necessitating intensified security encompassing M & A doc review, litigation, a single standard will be easiest to assess and monitor over time.

Certification is intended to preclude the requirement for every General Counsel or other LPO clients to send an information security specialist to assess information security controls at each vendor. However, LPO clients cannot depend on third party certifications alone.

When outsourcing legal work (and most other types of work) clients should also guard their information by meticulously reviewing a vendor’s written security policies and practices.

Clients should then make site visits - to detect and interview vendor personnel in order to verify their attentiveness of policies, to analyze the entire information security culture. In this write-up we will discuss about LPO vendor site stopover to be conducted at the time of due diligence and afterward at least annually. Information security terms are also an essential part of an LPO vendor contract.

Assessing Information Security In The Course Of An LPO Vendor Site Stopover:

As part of an RFI or RFP process, probe potential vendors to shape any information security standard to which they follow, to provide a copy of their information security policies and procedures and any third-party information security certification, and to outline the information security training program for LPO vendor employees. Utilizing this information, arrange for LPO vendor site stopover by making note of items that can sensibly be confirmed during a site stopover.

During LPO vendor site stopover, you will archetypally be exposed to the vendors’ most elegant and astute staff members; so on top of asking to speak with particular individual staff with whom you would be working, you should also notice and intermingle with passing individuals during the facility tour. Your inquiries and observations should be structured to allow you to assess internal operations and controls, technical controls and physical security and possibly most prominently but least easily distinguished, the organizational cultural norms about client security and confidentiality.

To illustrate few inquiries and observations that may assist you in assessing vendors’ information security practices let us concentrate on the below mentioned criterions:

Physical Operations:

It is important to understand, how a vendor controls physical entrance into its premises. Another important point of scrutiny is whether entry into parts of the physical premises that are marked for crucial activities such as server rooms are distinctly controlled or not. Besides, when clients visit vendor premises for audit, they should duly examine whether the camera recordings in the premises are mentored well, and also inspect the various security practices that the in-house staff at the vendors end follows.

Technological Operations:

Now, there are a lot of instances where due to operational negligence, client data gets misplaced and leaks out. In-order to avoid this it is important to audit the technological operations and security measures implemented to avoid any kind of misplaced information and resulting leaks at the vendors operational center. For example, clients can probe the vendors about the mailing system, modes of internal official communication, and the security of data in devices such as laptops, which can be easily taken out of the premises.

Organizational Mind-set:

Integrity is the biggest virtue to scout for, in employees. Law firms and legal counsels should ensure that the vendor they are engaging, employees people only after conducting a thorough background check. Additionally clients should ensure that all employees at the vendor’s place should be deliberated upon the required security measures and a privacy sensitive culture should be encouraged.

Information security fortification is more than a set of policies and certification; it is also an attitude and culture. Your inquiries should be intended to assess not just the formal policies, but also how they are executed on a daily basis, and will be employed when you are no longer on-site.

Remember do not overlook your vendor’s partnering strategy. Comprehend how your vendor works with its service providers. In most cases you should forbid the sharing of information and subcontracting. It is one thing to trust your LPO vendor with whom you have a contract in place, but it is quite another to circuitously have faith in supplementary parties. If for some reason, third party would have access to your information, they would need the same certification and due persistence of the partner that you would of the vendor. Remember that while information security is a crucial part of an LPO providers operation it is just one aspect of assessing an LPO vendor.

The most prevalent information security standard among LPO vendors is ISO 27001 (www.iso.org). It was initially distributed in October 2005. It is a specification for an Information Security Management System that improved and synchronized British standard BS7799-2 with other standards. ISO 27002 is a code of practice for information security that shapes latent controls and control mechanisms which can be executed subject to the guidance provided within ISO 27001. The standard outlines a model for launching, executing, functioning, observing, appraising, maintaining, and augmenting an information security management system, and encompasses assistance to protect not only information stored utilizing electronic means, but also information that may be transmitted or printed.

The ISO is a network of the national standards instituting of 162 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that organizes the system. Members encompass the Bureau of Indian Standards (India) and American National Standards Institute (U.S.) ISO itself does not carry out conformity valuations. LPO vendors may be certified complaint with ISO/IEC 27001 by certification organizations accredited by members like the Bureau of Indian Standards and American National Standards Institute.

Implementation and Testing:

Preserving a process-based information security standard is an organization-wide effort. All LPO employees should have some understanding of information security standards and should have received some training both at the time of hire and on a consistent basis thereafter. On top of it, LPO vendors should have their information security standard executions verified. Declarations encompassing statements like, “We follow ISO 27001 guidelines” or “We are seeking ISO 27001 certification” offer little comfort when delivering operations to a vendor half-way across the globe. For multi-site vendors, it is significant that the entire company be certified.

If only one part of an organization is certified, but data is transferred through, or operated by a portion of a vendor company that is not certified, information may be at risk. Many features of vendor relations need trust, but whenever possible, follow the motto of trust but verify and authenticate vendor declarations with a third party. Certifications can assist develop trust more swiftly due to the fact that they show a consistency with regard to processes that are significant to clients. Any LPO vendor selection or RFP process should comprise of criteria and questions about the vendors’ security certifications and practices.
About Author:
Snehi Kumari is Legal Process Manager at HiTechLPO.com. Having comprehensive insight and exposure to streamlining internal procedures; quality control methodologies; and broad areas of project management. Capable of handling administrative functions and sensitive projects effectively.


The author can be reached at: snehikumari@legalserviceindia.com

1 2 3 4 5
Rate this article!     Poor

Most viewed articles in Legal outsourcing category
Strategic outsourcing the key affair in all sectors
Assessing Information Security in the course of an LPO Vendor Site Stopover
Is Legal Process Outsourcing an Ethical Practice
Most recent articles in Legal outsourcing category
Is Legal Process Outsourcing an Ethical Practice
Assessing Information Security in the course of an LPO Vendor Site Stopover
Strategic outsourcing the key affair in all sectors

Article Comments

there are no comments...

Please login or register a new free account.

Random Pick
The Indian Contract act 1872 contained 266 sections originally which was divided in to various chapters. 1 to 75 dealt with general principles of the contract, section 76 to 123

» Total Articles
» Total Authors
» Total Views
» Total categories

Law Forum

Legal Articles

Lawyers in India- Click on a link below for legal Services

lawyers in Chennai
lawyers in Bangalore
lawyers in Hyderabad
lawyers in Cochin
lawyers in Pondicherry
lawyers in Guwahati
lawyers in Nashik

lawyers in Jaipur
lawyers in New Delhi
lawyers in Dimapur
lawyers in Agra
Noida lawyers
lawyers in Siliguri

For Mutual consent Divorce in Delhi

Ph no: 9650499965
For online Copyright Registration

Ph no: 9891244487
Law Articles

lawyers in Delhi
lawyers in Chandigarh
lawyers in Allahabad
lawyers in Lucknow
lawyers in Jodhpur
Faridabad lawyers

lawyers in Mumbai
lawyers in Pune
lawyers in Nagpur
lawyers in Ahmedabad
lawyers in Surat
Ghaziabad lawyers

lawyers in Kolkata
lawyers in Janjgir
lawyers in Rajkot
lawyers in Indore
lawyers in Ludhiana
Gurgaon lawyers


India's Most Trusted Online law library
Legal Services India is Copyrighted under the Registrar of Copyright Act ( Govt of India) 2000-2017
 ISBN No: 978-81-928510-1-3