Risk mitigation in IT outsourcing engagements has become a hot topic recently. It was scrutinized in a recent Everest Group’s whitepaper titled “Emerging Markets Suppliers: A valuable Lever for Risks Diversification” providing a list of recommended, “must-know” vendors in 6 ITO destinations that compete with India. Central and Eastern Europe (CEE) was represented by its leading full-cycle software services provider EPAM Systems.

At a webinar earlier this year, Everest announced their outsourcing market forecast for 2010, where they stated that in a recovering economy the key ITO vendors would transform their approach in order to shift more risks away from the clients.

With delivery models and contracting structures being updated and adjusted to the buyers’ needs and expectations, the leading service providers keep investing into safeguarding their customers’ information. After the assessment of its multiple CEE development centers for the SAS 70 Type II requirements, EPAM took the lead in security in the CEE’s ITO industry. Last week the company announced that it had also received ISO/IEC 27001:2005 certification for its Information Security Management System (ISMS). The scope of the certificate is “Outsourced software development in accordance with the latest version of the Statement of Applicability.”

“This certificate demonstrates EPAM’s dedication to protecting its clients’ information assets and addressing security concerns by defining and maintaining the strictest security policies and verifying their adherence by recognized industry standards. “ISO 270001:2005 and existing SAS 70 Type II certification combined continue our position of leadership in security for our industry and region and are vital parts of EPAM’s global strategy,” stated Balazs Fejes, EPAM CTO.

Laszlo Adlovits, Country Manager at Det Norske Veritas, said: “During this process, it was clear that EPAM surpassed the required level and showed a mature and well implemented information security management system.”