How CIOs Can Limit the Risk of Outsourcing I.T.

July 14, 2020
Robert Neill, SCB Contributor

Businesses are increasingly turning over all or part of their information technology functions to outside service providers. While this may create certain efficiencies, the organization is still ultimately responsible for risks associated with the availability and functions of I.T. services, as well as proper access and use of company data.

This means the chief information officer or equivalent I.T. leader must ensure that selected service providers have the proper structure, financial stability and continuity plans in place to consistently deliver the contracted services.

It also means I.T. leaders must assess the effectiveness of the service provider’s policies and procedures, to ensure the integrity and security of the company’s sensitive data and proprietary information.

An estimated $1 trillion per year industry, I.T. outsourcing takes many forms. An organization may turn over its entire I.T. department to a vendor, or it may hire one to perform data center operations, network management or other specific functions. 

Commonly outsourced I.T. functions include:

  • Software application development,
  • Software application support,
  • Data-center operations,
  • Help-desk support,
  • Network management,
  • Cybersecurity,
  • Platform or infrastructure as a service, and
  • Software as a service.

In the past, CIOs focused primarily on the physical product supply chain. Today, however, they must be concerned with the supply chain for both products and services.

Assessing and managing risk in third-party technology service suppliers can be a challenge, since significant portions of the service environments are under the control of the provider, and are likely beyond the purview of the acquiring organization. Due diligence must be performed up front to assess the risks associated with engaging an external party.

Before engaging with an I.T. service provider, the CIO must understand:

  • What is being outsourced, 
  • What business processes will be supported by the service,
  • What data will be stored, processed or accessible via the outsourced service, and
  • Who will have access to systems, applications and data related to the outsourced service.

The process can begin with a basic I.T. services risk assessment form, designed to capture answers to these questions from staff within the organization. In addition, a supplier pre-assessment form can be used to gather preliminary information from a potential service provider. Common questions to ask in a supplier pre-assessment form include:

  • Has your company ever declared bankruptcy?
  • Does your company's insurance policy include errors and omissions (or general liability) claims? If yes, what are the limits of the policy?
  • Is your company involved in pending litigation?
  • Has your company ever been a party to a regulatory investigation?
  • Does your company have a privacy policy?
  • Does your company have a documented security program in place?
  • Will your company agree to complete a questionnaire regarding your information security and privacy programs?
  • Does your company have a Service Organization Controls (SOC) report?
  • Does your company have a comprehensive business continuity plan to address continuance of operations in the event of incidents disrupting normal operations?

These assessment forms should provide sufficient information to determine whether additional diligence is needed. Based on the level of potential risk, this additional diligence could include requiring the service provider to respond to a more detailed questionnaire; reviewing the service provider’s SOC report in detail; or engaging with the organization’s internal audit function or a qualified external audit firm to conduct a vendor assessment.

Conducting these assessments is critical when establishing a relationship with a new provider. It’s also important to continue to review each supplier on an ongoing basis. The frequency and extent of those reviews should be based on the risks associated with the services being provided.

These assessments are tailored toward service providers, but the concepts can be adapted for key technology product providers as well. The main thing is for the CIO to understand the potential risks of engaging with a supplier, and have an understanding of how each supplier manages its business risks. In this way, the CIO will be better able to anticipate the impact of outsourcing risks on the organization.

Service provider assessments can be assigned to various functions within an organization, including I.T., risk management or internal audit. Assessments may also be performed by a qualified third party.

However, it is the responsibility of the CIO or equivalent I.T. leader to review the information gathered from the assessments, and determine whether engaging with the proposed technology service provider is aligned with the organization’s goals and risk-tolerance levels. A thorough assessment today will help ward off bigger problems down the road.

Robert Neill is director of CIO Advisory Services for Weaver, a national CPA and advisory firm.
