How CIOs Can Limit the Risk of Outsourcing I.T.

July 14, 2020
Robert Neill, SCB Contributor

Businesses are increasingly turning over all or part of their information technology functions to outside service providers. While this may create certain efficiencies, the organization is still ultimately responsible for risks associated with the availability and functions of I.T. services, as well as proper access and use of company data.

This means the chief information officer or equivalent I.T. leader must ensure that selected service providers have the proper structure, financial stability and continuity plans in place to consistently deliver the contracted services.

It also means I.T. leaders must assess the effectiveness of the service provider’s policies and procedures, to ensure the integrity and security of the company’s sensitive data and proprietary information.

An estimated $1 trillion per year industry, I.T. outsourcing takes many forms. An organization may turn over its entire I.T. department to a vendor, or it may hire one to perform data center operations, network management or other specific functions. 

Commonly outsourced I.T. functions include:

  • Software application development,
  • Software application support,
  • Data-center operations,
  • Help-desk support,
  • Network management,
  • Cybersecurity,
  • Platform or infrastructure as a service, and
  • Software as a service.

In the past, CIOs focused primarily on the physical product supply chain. Today, however, they must be concerned with the supply chain for both products and services.

Assessing and managing risk in third-party technology service suppliers can be a challenge, since significant portions of the service environments are under the control of the provider, and are likely beyond the purview of the acquiring organization. Due diligence must be performed up front to assess the risks associated with engaging an external party.

Before engaging with an I.T. service provider, the CIO must understand:

  • What is being outsourced, 
  • What business processes will be supported by the service,
  • What data will be stored, processed or accessible via the outsourced service, and
  • Who will have access to systems, applications and data related to the outsourced service.

The process can begin with a basic I.T. services risk assessment form, designed to capture answers to these questions from staff within the organization. In addition, a supplier pre-assessment form can be used to gather preliminary information from a potential service provider. Common questions to ask in a supplier pre-assessment form include:

  • Has your company ever declared bankruptcy?
  • Does your company's insurance policy include errors and omissions (or general liability) claims? If yes, what are the limits of the policy?
  • Is your company involved in pending litigation?
  • Has your company ever been a party to a regulatory investigation?
  • Does your company have a privacy policy?
  • Does your company have a documented security program in place?
  • Will your company agree to complete a questionnaire regarding your information security and privacy programs?
  • Does your company have a Service Organization Controls (SOC) report?
  • Does your company have a comprehensive business continuity plan to address continuance of operations in the event of incidents disrupting normal operations?

These assessment forms should provide sufficient information to determine whether additional diligence is needed. Based on the level of potential risk, this additional diligence could include requiring the service provider to respond to a more detailed questionnaire; reviewing the service provider’s SOC report in detail; or engaging with the organization’s internal audit function or a qualified external audit firm to conduct a vendor assessment.

Conducting these assessments is critical when establishing a relationship with a new provider. It’s also important to continue to review each supplier on an ongoing basis. The frequency and extent of those reviews should be based on the risks associated with the services being provided.

These assessments are tailored toward service providers, but the concepts can be adapted for key technology product providers as well. The main thing is for the CIO to understand the potential risks of engaging with a supplier, and how each supplier manages its business risks. In this way, the CIO will be better able to anticipate the impact of outsourcing risks on the organization.

Service provider assessments can be assigned to various functions within an organization, including I.T., risk management or internal audit. Assessments may also be performed by a qualified third party.

However, it is the responsibility of the CIO or equivalent I.T. leader to review the information gathered from the assessments, and determine whether engaging with the proposed technology service provider is aligned with the organization’s goals and risk-tolerance levels. A thorough assessment today will help ward off bigger problems down the road.

Robert Neill is director of CIO Advisory Services for Weaver, a national CPA and advisory firm.

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
