What exactly is the nature of the Cyber Process Certification that has been launched by Ernst and Young and how will it work?
The Cyber Process Certification has been launched primarily to address the issue of trust that exists in Web space. E-commerce sites make various claims, there is no reason why a user should believe them. Managements of e-commerce companies make various assertions and again there is no reason why users should believe these. What we do is audit the company's processes and therefore endorse the management's assertions be it on security, privacy or even service level agreements (delivery of products etc). We will provide the E&Y seal to any company which successfully goes through our cyber process audit. Having been in the business of trust and integrity, we are now extending that to cyber processes.

Have any Indian companies approached you for a cyber process certification? if so, what spaces do they belong to? Also has anyone qualified yet for the Cyber Process seal from E & Y?
Nobody has qualified yet, though there is one company which is close to qualifying. I will not be able to name the companies that we are currently working with for the certification but broadly they belong to spaces like - an ASP for the FMCG sector, one ASP in the financial and accounting services. We are also working with an ISP whose advertisers want an endorsement of the fact that their ads are actually appearing as per the agreement. What we are doing in each of these cases is actually looking into the systems and processes at work thereby ensuring that the management assertion is actually valid.

The IT Act does not touch upon issues like payment at all, so in the absence of a legal redressal mechanism, what role do you see for a cyber process certificate?
What we are doing is putting in place a lot of the backend systems needed for commerce even without the IT Act actually having a provision to drag defaulters to a court of law. We feel that if e-commerce companies can assure that transactions are being securely processed, it increases the comfort level for people who are transacting on these sites and could in turn result in high value transactions online.

Do you see the Cyber Process Certification acting as some sort of whetting mechanism as far as the business plans of e-commerce companies go?
What we gauge is the intent of management and the operating processes. We make the management actually live up to every assertion that it's making about the company. This itself forces managements to sit up and evaluate their claims and their ability to deliver on them which in turn prompts them to take a hard look at the business. So while we do not comment on the business per se, we examine the processes in great detail and will provide the seal only once every single criteria is satisfied. For one of the sites we are working with, for instance, we have insisted that they actually log and make public every customer complaint, alongwith statistics on how many grievances have actually been redressed satisfactorily. What we do in this situation is certify the processes being employed thereby endorsing the management's final claims.