{"id":1823,"date":"2016-11-15T15:15:13","date_gmt":"2016-11-15T14:15:13","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks"},"modified":"2021-12-14T16:01:16","modified_gmt":"2021-12-14T15:01:16","slug":"six-tips-to-manage-it-outsourcing-risks","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/","title":{"rendered":"Six Tips to Manage IT Outsourcing Risks"},"content":{"rendered":"<p><span lang=\"EN-US\">As IT security becomes ever more strategic for companies, concern is growing about how secure enterprise data is in the hands of third-party IT service providers. <\/span><\/p>\n<p><span lang=\"EN-US\">As a result, cybersecurity and data protection are now amongst the most challenging issues to be agreed on when negotiating contracts for outsourcing services. This is outlined by Rebecca Eisner, lawyer and partner at Mayer Brown in Chicago, <\/span><span lang=\"EN-US\">in a statement to IT trade journal \u201cCIO\u201d<\/span><span lang=\"EN-US\">. On the one hand, service providers are seeking to minimize their liability for fear of incurring enormous contractual penalties. But on the other, customers are equally concerned &#8211; in particular when service providers may not have the same incentives to safeguard customer data as their customers, and also because the negative impact of a security incident is always significantly more severe for the customer than it is for the service provider. <\/span><\/p>\n<p><span lang=\"EN-US\">At the same time, constantly evolving regulations make it extremely difficult for both of the parties to assess the risks. The situation is further complicated by an increasingly complex and geographically scattered IT landscape, Eisner goes on to say. In the days when company data was still stored at one or a few centrally located data centers, companies were able to do a decent job of securing the perimeters. But in this age of cloud storage and mobile end devices, the prospect of securing data has become rather more daunting. \u201cThe points of access and potential points of security failure multiply with this ever expanding ecosystem,\u201d explains Eisner. \u201cIn addition, many of these systems are provided or managed by third party suppliers.\u201d<\/span><\/p>\n<p><span lang=\"EN-US\">So CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers. Eisner lists 6 tips for companies to boost their data protection and IT security in their IT supplier relationships:<\/span><\/p>\n<ol>\n<li><span lang=\"EN-US\">Be aware which service providers are processing or have access to the company\u2019s most important, sensitive or strictly regulated data, as well as data that the company considers its \u201ccrown jewels\u201d.<\/span><\/li>\n<li><span lang=\"EN-US\">Work closely with the security, vendor management, and legal teams to identify which supplier relationships pose the greatest risks for the company, so that the enterprise can devote more attention and resources to these suppliers. <\/span><\/li>\n<li><span lang=\"EN-US\">Scrutinize existing IT supplier contracts in the light of your up-to-date and well-defined security and data protection requirements in order to identify and close any security gaps. <\/span><\/li>\n<li><span lang=\"EN-US\">Make sure that your vendor management, compliance or security management teams monitor the IT at high-risk service providers, and also ensure that vendor security assessment questionnaires are updated on an annual or bi-annual basis, including a review of audit reports, certifications and penetration tests. Also make sure that site visits and annual security reviews are conducted where appropriate.<\/span><\/li>\n<li><span lang=\"EN-US\">The standard contractual terms for security and data protection must regularly be reviewed with the legal team to ensure that they are up to date. In this regard, Eisner expressly refers to the <\/span><a href=\"https:\/\/www.retarus.com\/blog\/en\/are-you-ready-for-the-new-face-of-eu-data-protection\/\"><span lang=\"EN-US\">new EU data protection directive (GDPR)<\/span><\/a><span lang=\"EN-US\"> which comes into force in 2018. <\/span><\/li>\n<li><span lang=\"EN-US\">Management, staff and supervisory board, if relevant, should be made aware of security and data protection risks, and steps which can be taken to mitigate risks need to be explained. &nbsp;<\/span><\/li>\n<\/ol>\n<p><span lang=\"EN-US\">With Retarus as your information logistics service provider you are always on the safe side. Our own data centers distributed around the globe fulfill the <\/span><a href=\"https:\/\/www.retarus.com\/why-retarus\/compliance-certifications\/\"><span lang=\"EN-US\">most stringent requirements for data protection and security<\/span><\/a><span lang=\"EN-US\">. Your data is exclusively processed in accordance with the applicable local regulations and data protection <a name=\"OLE_LINK2\"><\/a><a name=\"OLE_LINK1\"><\/a>provisions. Retarus relies on a strict system of internal controls, which is continuously audited by a renowned business consultancy. If required, we also make it possible for your auditors to gain personal access to our data centers and allow them the necessary insight into relevant processes. Please feel free to get in touch with <\/span><a href=\"https:\/\/www.retarus.com\/contact\/\"><span lang=\"EN-US\">your local Retarus contact person<\/span><\/a><span lang=\"EN-US\"> directly for more details.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.<\/p>\n","protected":false},"author":14,"featured_media":296,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"","footnotes":""},"categories":[36,15],"tags":[249,172,359],"dipi_cpt_category":[],"class_list":["post-1823","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-trends","category-security","tag-data-protection","tag-it-security","tag-risk-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.1 (Yoast SEO v24.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Managing IT Outsourcing Risks<\/title>\n<meta name=\"description\" content=\"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Six Tips to Manage IT Outsourcing Risks\" \/>\n<meta property=\"og:description\" content=\"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2016-11-15T14:15:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-14T15:01:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"384\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/\",\"name\":\"Managing IT Outsourcing Risks\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg\",\"datePublished\":\"2016-11-15T14:15:13+00:00\",\"dateModified\":\"2021-12-14T15:01:16+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg\",\"width\":680,\"height\":384},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Six Tips to Manage IT Outsourcing Risks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Managing IT Outsourcing Risks","description":"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/","og_locale":"en_US","og_type":"article","og_title":"Six Tips to Manage IT Outsourcing Risks","og_description":"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.","og_url":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2016-11-15T14:15:13+00:00","article_modified_time":"2021-12-14T15:01:16+00:00","og_image":[{"width":680,"height":384,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/","url":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/","name":"Managing IT Outsourcing Risks","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg","datePublished":"2016-11-15T14:15:13+00:00","dateModified":"2021-12-14T15:01:16+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"CIOs would do well to pursue a risk management led approach when selecting, commissioning and supervising their IT service providers.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2015\/06\/Mann_Sprung_680x384.jpg","width":680,"height":384},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/six-tips-to-manage-it-outsourcing-risks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Six Tips to Manage IT Outsourcing Risks"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/1823"}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=1823"}],"version-history":[{"count":5,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/1823\/revisions"}],"predecessor-version":[{"id":6795,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/1823\/revisions\/6795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/296"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=1823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=1823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=1823"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=1823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}