The Outsourced Productivity Information Security Risk

Many of your data protection security controls will be by-passed by your vendors if they feel pressured to do so by employees at your company, unless you specifically mitigate this risk. An outsourced vendor may have met the security standards like BS 7799 or ISO 17799, but your vendor is the paid to do what your company requests. For most businesses, productivity initiatives to gain revenue will trump perceived security burdens if the two are in conflict. This security vulnerability will make your company vulnerable to social engineering assaults. And the risks are higher when the outsourced vendor resides offshore. This paper discusses this problem, and risk mitigation that allow your business to maintain efficient productive relationships with vendors on outsourced projects. The observations are derived from review of published findings in print and on the Internet, and from the author's travels to United States and non-US based outsourcing companies.