IT Risk Management increases your IT outsourcing success
IT outsourcing can be a highly positive experience.
You outsource your IT operations to someone who has more experience and expertise and can do it more cost-efficiently.
However, for an outsourcing venture to succeed, you will need to have a proper information security risk management process in place. One of the better methodologies you can use to prevent unnecessary risks is the information security risk management standard ISO 27005.
If your methodology is in place and a security strategy has been laid out and communicated to both your organisation and your outsourcing supplier, then you have nothing to fear. But when it isn’t done properly, it can hurt your organisation.
The 2013 Trustwave Global Security Report had less than positive news on outsourcing. The researchers discovered that of 450 global data breach investigations, 63% were linked to an outsourcing supplier.
The outsourcing supplier responsible for IT system support, development, or maintenance had neglected or introduced security deficiencies that were easily exploitable.
The results are strikingly similar to those of a 2009 report commissioned by VanDyke Software and conducted by Amplitude Research. They discovered that 61% of their 350 respondents, whose organisations outsourced IT jobs, had experienced an unauthorised intrusion between 2007 and 2009.
In comparison, only 35% of the companies that did not outsource had experienced unauthorised intrusions.
Don’t worry, take proper measures
Don’t let these numbers scare you. There are many highly professional outsourcing suppliers out there.
Most of the issues reported in the above studies are due to miscommunication between organisations and their outsourcing supplier. The blame cannot therefore be placed solely on the supplier, but should instead be shared between both parties.
When IT outsourcing is done correctly it can be highly beneficial for both you and your outsourcing supplier. All you have to do is take the proper steps to ensure a secure and rewarding outsourcing experience.
Where to start?
Performing a proper risk assessment can inoculate you against a bad outsourcing decision.
First, consider what areas you want to outsource. Then look into the potential business impact if something went wrong and whether outsourcing would make you more vulnerable.
The greater the risk, the more you need to vet the potential outsourcing supplier. Our platform can help you with this by, among other things, providing questions you can present to your potential outsourcing partner.
A recognised security standard, such as ISO 27001 for information security, is a good indicator that the outsourcing supplier takes security seriously, but it is never a guarantee.
You’d also want to check who did the accreditation, as there are some “fast-track certifications,” and which parts of the business the certification covers.
Next, you’d want to check whether they “practice what they preach.” If they don’t, your company name may end up all over the six o’clock news.
Building a trusting relationship
This process isn’t just a matter of inspecting their business once or twice. This can take weeks or months. You rely on them to manage risk aspects on your behalf. You need to be certain that they are up to the challenge, and that you understand each other.
Building a relationship of mutual understanding and trust can take time and requires a large amount of diligence on both sides. Both parties must take the time to cover fully how the partnership is going to work.
That way, you can minimise misunderstandings and potential security issues. Take the necessary steps and you will be on the road to a positive and beneficial outsourcing experience.
