Approaches for Safeguarding Restricted Information in a Globally-managed Environment (via @ITCompliance)

My firm, Newport Consulting Group, will feature a number of articles over the next two months focused on IT governance issues with our friends at searchCompliance.com. In this month’s offering I look at a recent client situation regarding IT governance of restricted product and manufacturing information and offer areas to consider when evaluating how much control to give your “bargain” offshore IT services provider.

It’s a fairly typical scenario: a global enterprise looks to save money by outsourcing systems management, giving the provider broad access to the enterprise’s information and systems. If effective, the hybrid onshore/offshore model results in lower IT service costs and allows for 24/7 maintenance and development. The service provider also has the advantage of leveling its staff workload across multiple client organizations based on the most effective use of talents and skills.

 

Can you safeguard information when you can't safeguard the watchman?

But outsourcing could pose problems for some organizations, especially if their products have national security implications under federal regulations. For example, what if a company that produces sensitive material hires an offshore-based IT service provider and, under “systems management” provisions, gives it broad access to the company’s sensitive intellectual property and restricted product information? This information clearly defines not only the complex bill of materials for the products, but also the manufacturing processes for making them.

Clearly, this is a violation of several regulations, and it is also a potential sieve through which information can leak without the organization so much as noticing. But hundreds of auditors would be needed to physically check the access rights of the offshore provider in its various operating locations. Instead, a thoughtful approach to the specific information needs and access rights, based on company policy and federal regulation, provides a good starting point.

To learn about several governance approaches and information systems solutions that can help address this issue, read the full article here. Many thanks to associate editor Ben Cole for our work together on this and future offerings.


Filed under Audit and Oversight, Compliance, Risk Management, Technology
