Australian IT managers last week sought assurances from offshore providers that their data was safe in the wake of a controversial documentary showing identity thieves purchasing the credit card details of 200,000 customers in Bangalore.

The National Association of Software and Service Companies (Nasscom), which represents major outsourcing providers in India, went on the offensive after the explosive documentary was aired on Channel 4 in Britain. It is not the first identity theft scandal to hit India.

But providers and industry came together to ensure strict standards are in place and to hose down public fears around the use of offshoring, especially at a time when Australia's largest banks and airlines are increasing their use of Indian-based providers.

Qantas is announcing a deal this week to move IT development offshore and the airline's CIO, John Willit, told Computerworld that local companies have little choice but to seek out capability and depth of expertise that isn't available in Australia.

"If people want Qantas to be competitive and successful and continue to employ tens of thousands of Aussies, as we currently do, we need to be able to achieve the greatest possible flexibility in all areas of business, and IT is no exception," Willit said.

"People have to understand we need to replace the ageing legacy IT systems and skills; to do this in a cost-effective way that will provide efficiency benefits we need skills that simply are not available in Australia."

Local industry also sought to ensure confidential data was protected and the Australian Prudential Regulation Authority (APRA) this week released a practice guide on outsourcing for authorized deposit-taking institutions (ADIs) and general insurers.

Some prudential standards will take effect in January 2007, dealing specifically with outsourcing to an offshore party.

APRA chairman John Laker said the guide sets out minimum requirements for managing outsourcing risks.

"The use of third parties to perform business activities can be beneficial, but can entail additional risks," Laker said.

"Well-run institutions already address these outsourcing principles as part of their operational risk management systems."

Commenting on the documentary, Indian-based outsourcing company Satyam said the company uses a strict business model built on the ISO 27001 standard, which includes criminal background checks for staff and biometric controls.

Virender Aggarwal, senior vice president and head of Satyam Asia Pacific operations, said the company has various measures in place across the organization to prevent data theft.

"At Satyam we believe in creating a 'vigilant' workforce as against a 'participative' workforce, and these associates are our biggest asset in ensuring data security. Training is a very important factor since it has been seen that maximum data misappropriation happens inadvertently," Aggarwal said.

"All associates have mandatory induction training on information security before they are deployed to any engagement and this is reinforced through focused campaigns (such as road shows, posters, movies, screen savers and the like) and regular training on information security also is conducted."