Proposing an Information Security Framework for Small Scale BPO Sector which Provides Call Center Solution for Telecommunication Sector in Sri Lanka

Abstract

This study proposes an information security framework tailored for small-scale Business Process Outsourcing (BPO) companies in Sri Lanka, focusing on those offering call center solutions to the telecommunication sector. The research addresses the critical need for data protection due to the sensitive nature of client information and the increasing risks of cyber threats. A qualitative approach, incorporating literature reviews, case studies, and expert consultations, was adopted to identify existing challenges, including resource constraints, compliance issues, and insider threats. The proposed framework integrates elements from ISO 27001 and NIST Cybersecurity Frameworks, emphasizing data classification, access control, employee training, and incident response. Evaluation of the framework demonstrates its effectiveness in enhancing data security, regulatory compliance, and operational resilience for the BPO sector.