My firm, Newport Consulting Group, will feature a number of articles over the next two months focused on IT governance issues with our friends at searchCompliance.com. In this month’s offering I look at a recent client situation regarding IT governance of restricted product and manufacturing information and offer areas to consider when evaluating how much control to give your “bargain” offshore IT services provider.
It’s a fairly typical scenario: Global enterprise looks to save money by outsourcing systems management, allowing broad access to the enterprise’s information and systems. If effective, the hybrid onshore/offshore model results in lower IT service costs and allows for 24/7 maintenance and development. Also, the service provider has the advantage of leveling its staff workload across multiple client organizations based on the most effective use of talents and skills.
But outsourcing could pose problems for some organizations, especially if their products have national security implications based on federal regulations. For example, what if a company that produces sensitive material hires an offshore-based IT service provider with broad access under “systems management” provisions to their sensitive intellectual property and restricted product information? This information clearly defines not only the complex bill of materials for the products, but also the manufacturing processes for making the products.
Clearly, this is a violation of several regulations, as well as a potential sieve of information without so much as notice from the organization. But hundreds of auditors would be needed to physically check the access rights of the offshore provider in its various operating locations. Instead, a thoughtful approach to the specific information needs and access rights based on company policy and federal regulation provides a good starting point.
To learn about several governance approaches and information systems solutions that can help address this issue, read the full article here. Many thanks to associate editor Ben Cole for our work together on this and future offerings.