Global IT Sourcing and Data Security
http://article.nanolive.com/articles/150452/1/Global-IT-Sourcing-and-Data-Security/Page1.html
Alice Khosravy
A&E Consulting is a full service consulting firm that has been successfully helping clients with their global needs. Visit http://www.globalsourceyourit.com or call 818-572-8399 for more information. By Alice Khosravy
Published on 10/5/2008
An outsourcing company should consider many different factors when choosing a global IT partner. Among these criteria should be data security.
Data security is one of the main concerns of IT managers who are outsourcing to a global sourcing provider for the first time. Intellectual property is one of the most valuable assets that a company will possess and therefore extra steps should be taken to protect it. The risk of data theft can be greatly reduced if precautionary steps are taken before sending IT projects to a vendor.
An outsourcing company should consider many different factors when choosing a global IT partner. Among these criteria should be data security. It is important to find out the data security policies of the vendor and identify access controls. Clear, enforceable policies must be established. Frequently, the larger vendors will have certifications showing that information security practices are upheld, such as the ISO 27001 certification that is achieved when the company documents and follows information security practices and controls.
An outsourcing company should take the time to look into how the global sourcing provider enforces access controls and how these controls are modified when employees change positions internally or leave the company. Many vendors will provide development on a dedicated data server, which will include audit control access. Even after a vendor is chosen, IT managers must still ensure that the vendor follows the outsourcer's industry best practices and compliance guidelines.
The outsourcing contract should reflect the policies discussed with the vendor and the access controls. A signed non-disclosure agreement, non-compete agreement and no solicitation agreement can provide additional security for the outsourcing company. A red flag should be raised if the vendor refuses to include data protection information in the contract and a different global sourcing provider should be chosen. Regular audits should be conducted by the outsourcing company to make sure the policies are being enforced, even after the initial terms are agreed upon and the contracts are signed.
Another way to protect propriety information is to only provide data that is relevant to the project. The minimal amount of information should be shared with the vendor. The outsourcing company should thoroughly review propriety data and technology that are needed for the project development. It should be clearly communicated to in-house employees regarding what information is acceptable to be shared with the global sourcing partner.
Data protection is possible when sending work to a global IT sourcing partner. It is well worth it to take the necessary time to ensure that vital information will be protected.
An outsourcing company should consider many different factors when choosing a global IT partner. Among these criteria should be data security. It is important to find out the data security policies of the vendor and identify access controls. Clear, enforceable policies must be established. Frequently, the larger vendors will have certifications showing that information security practices are upheld, such as the ISO 27001 certification that is achieved when the company documents and follows information security practices and controls.
An outsourcing company should take the time to look into how the global sourcing provider enforces access controls and how these controls are modified when employees change positions internally or leave the company. Many vendors will provide development on a dedicated data server, which will include audit control access. Even after a vendor is chosen, IT managers must still ensure that the vendor follows the outsourcer's industry best practices and compliance guidelines.
The outsourcing contract should reflect the policies discussed with the vendor and the access controls. A signed non-disclosure agreement, non-compete agreement and no solicitation agreement can provide additional security for the outsourcing company. A red flag should be raised if the vendor refuses to include data protection information in the contract and a different global sourcing provider should be chosen. Regular audits should be conducted by the outsourcing company to make sure the policies are being enforced, even after the initial terms are agreed upon and the contracts are signed.
Another way to protect propriety information is to only provide data that is relevant to the project. The minimal amount of information should be shared with the vendor. The outsourcing company should thoroughly review propriety data and technology that are needed for the project development. It should be clearly communicated to in-house employees regarding what information is acceptable to be shared with the global sourcing partner.
Data protection is possible when sending work to a global IT sourcing partner. It is well worth it to take the necessary time to ensure that vital information will be protected.