Managing the risk is essential when outsourcing security
To provide a detailed response to the above questions, views have been sought from the wide community of experts that make up the BCS Security Forum Strategic Panel (SFSP), writes Andrea Simmons, consultant forum manager for the BCS Security Forum.
The title implies an existing understanding of the risks of outsourcing and third-party contract management. However, collective experience shows that there is still, sadly, a great deal of naivety about relationship management and the ongoing effort it requires for any outsourced activity. It is an oft-quoted phrase that "you cannot outsource responsibility", and we have seen no better examples of this in action than the various data breaches that appear to have occurred continually throughout 2008. A number of key government outsourced service providers managed to experience instances of mislaid, lost or stolen data, and the impact has been seen to be significant loss of contract and therefore considerable financial expense.
This shows just how much the "reward" element is changing, as a loss of data can mean the loss of the contract. Ultimately the "reward", if the service is provided in accordance with expectation in relation to contract terms, would clearly mean the ongoing support and maintenance of the arrangement.
