Outsourcing/Managed

Services: Developing a
Common Language Between
Suppliers and Purchasers to
Reduce Risk

Alan McSweeney
Objectives

• Describe at a high-level a structured approach to

implementing outsourcing/managed services from both
service provider and end-user organisation

April 20, 2010 2

Scope

• Provide a high-level view of a common set of processes to

be used by service providers and end-user organisations to
implement and operate an outsourcing/managed services
arrangement

April 20, 2010 3

What is Outsourcing

• Outsourcing is delegating the responsibility for performing

an information technology or business function to a third
party
• You outsource because the outsourcing supplier will do:
− What the organisation currently does
− At the same or better level of performance
− For the same or lower price

April 20, 2010 4

Advantages of Managed Services

• Better use of staff: allows agencies to focus human

resources on strategic planning and core mission support
• Cost savings: choose not to build and support IT and
network infrastructure available in the commercial sector;
use limited capital to purchase needed service levels and
reduce total cost of ownership
• Ability to use optimal technologies: adjust types and mix of
hardware, software, skilled labour, capital investment and
technology to support changes in mission needs
• Rapid response to organisation and business changes:
supplier is measured by ability to produce solutions
April 20, 2010 5
Types of Outsourcing Arrangement

• Efficiency/Utility (Make it Cheaper) arrangement outsourcing

focuses primarily on cost control and, over time, cost reduction, with
the goal of maintaining consistency in the delivery of services
• Business Enhancement (Make it Better) arrangement is about
business productivity. The organisation’s performance, as compared
with their competitors, will improve, resulting in movement toward
defined business goals
• Transformational (Make me Money) arrangement is characterised
by a partnership between the service provider and service recipient
that is focused on innovation and new business, changing the very
basis on which an organisation competes

April 20, 2010 6

Benefits of Managed Services

• Managed Services offers an alternative approach for a client to acquire IT or telecom

support services
− Managed services solutions are designed and delivered by service providers according to a
predefined statement of deliverables and generally includes end-to-end service, service level
agreements, and assets (if desired)
• A managed service typically includes monthly recurring service-based pricing offering a
more predictable cost approach for the client
• Ongoing visibility of operational performance is provided and managed through pre-agreed
performance parameters (known as service-level agreements)
− The client may include their unique performance requirements such as degree of control and
visibility, security, availability, capacity, service continuity and other requirements as it relates to
the specific service
• Because this is a core competency, the service provider is able to optimise the best balance
of facilities, processes, resources, tools, and metrics, resulting in the best overall value for
the client
− Cost effectiveness is typically achieved through instituting process standards and establishing and
supporting a standard operating environment (SOE) consisting of COTS (Commercial Of the Shelf)
services and solutions
• Managed services can be delivered either in a BOCO (Business-owned, contractor-
operated) or COCO (contractor-owned, contractor-operated) model and is largely based on
client preference

April 20, 2010 7

Outsourcing Organisations - Developing a Vision for
IT Services is Required
• What do we do today?
• What do our customers want us to do?
• What changes do we need to make to align with our
customers needs?
• How will they pay for those services?
• How will we deliver those services consistently and
measure their delivery?
• What kind of organisation (Governance/Contract
Management/Structures/Staff/Skills/Service Providers) will
we need to achieve it?
• What service management processes we should use?

April 20, 2010 8

Reasons Organisations Outsource
Reduce And Control Operating
17%
Costs

Improve Company Focus 16%

Gain Access To World-Class

12%
Capabilities

Free Resources For Other

12%
Purposes

Resources Not Available

8%
Internally

Reduce Time To Market 6%

Take Advantage Of
6%
Capabilities

Accelerate Reengineering
4%
Benefits

Share Risks 3%

Function Difficult To Manage

3%
Or Out Of Control

April 20, 2010 9

Outsourcing Experiences

• 13% to 25% of outsourcing contracts are brought in-house

within the first two years
• Buyers replace 80% of their service contractors in the first
three years
• Contractors turn over 40% of their contracts each year, on
average
• Nearly 70% outsourcing organisations feel their service
provider does adequately understand what they are
supposed to do

April 20, 2010 10

Key Issues For Successful Outsourcing

• Many outsourcing relationships fail, are terminated early,

are unsatisfactory to either or both of the service provider
and the client
• Outsourcing is a business issues and should be treated as
such
• Many common issues, problems and concerns arise across
outsourcing contracts
• Learn from the issues to avoid them

April 20, 2010 11

Hidden Costs of Outsourcing

• Transfer of knowledge
− Processes and procedures
− Documentation
− Personal knowledge
• Quality issues and their resolution
− Inspection programmes
− Sustaining quality programmes
− Cost of rework
• Communication
− Poor customer service
− Daily operational issues

April 20, 2010 12

Phases of Outsourcing Relationship

Ongoing

Analysis Initiation Delivery Completion

For outsourcing organisation

For both outsourcing organisation and service provider

April 20, 2010 13

Phases of Outsourcing Relationship

Phase Outsourcing Organisation Service Provider

Analysis Analyse operations and functions to

identify those services, processes or
functions that could potentially be
outsourced and develops the approach
to be taken to source the identified
opportunities
Initiation Prepare for and transition to provision Prepare for and transition to provision of
of service service

Delivery Provide service and manage and Provide service and manage and measure its
measure its provision provision

Completion Close-out the service after the contract Close-out the service after the contract ends
ends or the service has been terminated or the service has been terminated

Ongoing Management of outsourcing lifecycle Management of outsourcing lifecycle

April 20, 2010 14

Roles of Service Provider and Outsourcing Organisation
During Phases of Outsourcing Relationship
Service Provider Outsourcing Organisation

Determine if outsourcing represents a business

Analysis opportunity

Plan for outsourcing of selected services, evaluate and

Prepare for service transition, transfer resources and
select a service provider, create an outsourcing
Initiation personnel from outsourcing organisation and ensure
agreement and transfer resources and personnel to
service continuity
service provider

Implement the capability to manage the service

Define and agree requirements, negotiate contract, provider, administer the agreement and the issues,
Delivery plan, design and deploy service, implement service challenges and changes that arise after the agreement
delivery has been reached, reviewing the service provider’s
performance

Implement knowledge management processes, Develop outsourcing strategy management, manage

perform people management, implement relationship with service provider, ensure value,
Ongoing performance management, manage relationship, implement knowledge management processes,
manage technology and manage risks and threats manage technology and manage risks and threats

Prepare for service transition, transfer resources and Plan for completion, ensure service continuity,
Completion personnel from outsourcing organisation and ensure transfer resources and personnel from outsourcing
service continuity organisation and transfer knowledge

April 20, 2010 15

Roles of Service Provider and Outsourcing Organisation
During Phases of Outsourcing Relationship

Common
Language
Service Provider
and
Expectations

Analysis Initiation Delivery Ongoing Completion

Agreed Roles
and Outsourcing Organisation
Responsibilities

April 20, 2010 16

Key Capabilities and Constituent Practices

• Idealised set of steps for a service provider and end-user

organisations and outsourcing organisation to perform
when taking on a new outsourcing service
• Provides a detailed checklist of work to be done
• Each practices contains a set of activities and tasks
• Can be modified to suit the circumstances: scope of
outsourcing, size of service, duration of contract
• Can forms the basis of a project plan for elements of
outsourcing work such as initiation
• Reduces risk of failure
April 20, 2010 17
Key Capabilities Within Outsourcing Lifecycle for
Service Providers
People Performance Relationship Technology
Management Management Management Management

Knowledge Threat
Management Ongoing Management

Initiation Delivery Completion

Service Design
Service Service Service
Contracting and
Transfer Delivery Transfer
Deployment
April 20, 2010 18
Key Capabilities Within Outsourcing Lifecycle for
End-User Organisations
Outsourcing Organisational
Governance Relationship Value
Strategy Change
Management Management Management
Management Management

Technology People
Management Management

Ongoing
Threat Knowledge
Management Management

Analysis Initiation Delivery Completion

Outsourcing
Opportunity
Analysis
Outsourcing Outsourcing Outsourcing
Planning Agreements Completion
Outsourcing
Approach Service Sourced
Service
Provider Services
Transfer
Evaluation Management
April 20, 2010 19
Key Capabilities Within Outsourcing Lifecycle for
Service Providers and End-User Organisations
Outsourcing
Capabilities
and Skills

Analysis Initiation Delivery Ongoing Completion

Outsourcing Outsourcing Service Outsourcing Service Outsourcing Service Outsourcing Service

Organisation Organisation Provider Organisation Provider Organisation Provider Organisation Provider

Outsourcing Sourced Outsourcing

Outsourcing Service Knowledge Outsourcing Service
Opportunity Services Contracting Strategy
Planning Transfer Management Completion Transfer
Analysis Management Management
Service Service Design
Outsourcing Governance People
Provider and
Approach Management Management
Evaluation Deployment

Outsourcing Service Relationship Performance

Agreements Delivery Management Management

Service Value Relationship

Transfer Management Management

Organisational
Technology
Change
Management
Management

People Threat
Management Management

Knowledge
Management

Technology
Management

Threat
Management
April 20, 2010 20
Key Capabilities and Constituent Practices for
Outsourcing

Service Providers Capabilities

and Skills

Initiation/
Delivery Ongoing
Completion

3 Service
1 Service 4 Service 5 Knowledge 6 People 7 Performance 8 Relationship 9 Technology 10 Threat
2 Contracting Design and
Transfer Delivery Management Management Management Management Management Management
Deployment

3.1 4.1 Plan 7.1

1.1 Resources 2.1 5.1 Share 6.1 Encourage 8.1 Client 9.1 Acquire 10.1 Risk
Communicate Service Engagement
Transferred In Negotiations Knowledge Innovation Interactions Technology Management
Requirements Delivery Objectives

5.2 Provide 6.2 8.2 Select 10.2

1.2 Personnel 3.2 Design and 4.2 Train 7.2 Verify 9.2 Technology
2.2 Pricing Required Participation Suppliers and Engagement
Transferred In Deploy Service Clients Processes Licenses
Information# in Decisions Partners Risk

2.3 Confirm 3.3 Plan Design 8.3 Manage 10.3 Risk

1.3 Service 4.3 Deliver 5.3 Knowledge 6.3 Work 7.3 Adequate 9.3 Control
Existing and Suppliers and Across
Continuity Service System Environment Resources Technology
Conditions Deployment Partners Engagements

1.4 Resources 4.4 Verify 6.4 Assign 7.4

2.4 Market 3.4 Service 5.4 Process 9.4 Technology
Transferred Service Responsibilitie Organisational 8.4 Cultural Fit 10.4 Security
Information Specification Assets Integration
Out Commitments s Objectives

1.5 Personnel 5.5 7.5 Review 8.5 10.5

2.5 Plan 3.5 Service 4.5 Correct 6.5 Define 9.5 Optimise
Transferred Engagement Organisational Stakeholder Intellectual
Negotiations Design Problems Roles Technology
Out Knowledge Performance Information Property

1.6 Knowledge 4.6 Prevent 9.6 Proactively 10.6 Statutory

2.6 Gather 3.6 Design 6.6 Workforce 7.6 Make 8.6 Client
Transferred Known 5.6 Reuse Introduce and Regulatory
Requirements Feedback Competencies Improvements Relationships
Out Problems Technology Compliance

5.7 Version 6.7 Plan and 7.7 Achieve 8.7 Supplier

2.7 Review 3.7 Verify 4.7 Service 10.7 Disaster
and Change Deliver Organisational and Partner
Requirements Design Modifications Recovery
Control Training Objectives Relationships

6.8 Plan and

2.8 Respond to 3.8 Deploy 4.8 Financial 5.8 Resource 7.8 Capability 8.8 Value
Deliver
Requirements Service Management Consumption Baselines Creation
Training

6.9
2.9 Contract
Performance 7.9 Benchmark
Roles
Feedback

6.10 7.10 Prevent

2.10 Create
Performance Potential
Contracts
Feedback Problems

2.11 Amend 7.11 Deploy

6.11 Rewards
Contracts Innovations
April 20, 2010 21
Key Capabilities and Constituent Practices for End-
User Organisations - 1 Outsourcing
Capabilities and
Skills

Analysis Phase Initiation Phase Delivery Phase Completion Phase

1 Outsourcing
2 Outsourcing 3 Outsourcing 4 Service Provider 5 Outsourcing 7 Sourced Services 8 Outsourcing
Opportunity 6 Service Transfer
Approach Planning Evaluation Agreements Management Completion
Analysis
3.1 Establish 7.1 Perform
1.1 Define Current 2.1 Outsourcing 4.1 Communicate 5.1 Negotiations 6.1 Service 8.1 Completion
Outsourcing Outsourcing
State Approach Requirements Guidelines Transition Planning
Project Management
4.2 Evaluate
1.2 Outsourcing 3.2 Service 5.2 Confirm 7.2 Performance 8.2 Service
2.2 Business Case Potential Service 6.2 Verify Design
Criteria Definition Existing Conditions Monitoring Continuity
Providers
3.3 Service 4.3 Select 8.3 Resources
1.3 Demand 2.3 Governance 6.3 Resources 7.3 Financial
Provider Selection Candidate Service 5.3 Negotiations Transfer from
Identification Model Transferred Out Management
Procedures Providers Service Provider
8.4 Personnel
1.4 Outsourcing 2.4 Impact and 3.4 Evaluation 5.4 Agreement 6.4 Personnel 7.4 Agreement
Transfer from
Options Risk Analysis Criteria Roles Transferred Out Management
Service Provider
3.5 Prepare 7.5 Problem and 8.5 Knowledge
2.5 Outsourcing 5.5 Define SLAs 6.5 Knowledge
Service Incident Transfer from
Initiation Decision and Measures Transferred Out
Requirements Monitoring Service Provider
7.6 Service
5.6 Create
Delivery Change
Agreements
Management

5.7 Amend 7.7 Service Change

Agreements Management

7.8 Review Service

Performance

7.9 Stakeholder
Feedback

7.10 Service Value

Analysis

7.11 Continuation
Decision
April 20, 2010 22
Key Capabilities and Constituent Practices for End-
User Organisations - 2 Outsourcing
Capabilities and
Skills

Ongoing Phase

Competency
Governance Environment
and Change
Focused Focused
Focused

13
9 Outsourcing
10 Governance 11 Relationship 12 Value Organisational 14 People 15 Knowledge 16 Technology 17 Threat
Strategy
Management Management Management Change Management Management Management Management
Management
Management

12.1 17.1
10.1 11.1 Service 13.1 Prepare for 14.1 Assign 15.1 Provide
9.1 Outsourcing Organisational 16.1 Asset Outsourcing
Outsourcing Provider Organisational Outsourcing Required
Sponsorship Outsourcing Management Risk
Policy Interactions Change Responsibilities Information
Performance Management

17.2
10.2 Service 11.2 Service 13.2
9.2 Outsourcing 12.2 Capability 14.2 Personnel 15.2 Knowledge 16.2 License Organisational
Provider Provider Stakeholder
Constraints Baselines Competencies System Management Risk
Management Relationships Involvement
Management

14.3
9.3 Potential 10.3 Internal 12.3 Benchmark
11.3 Internal 13.3 Define Organisational 15.3 Market 16.3 Technology 17.3 Intellectual
Outsourcing Stakeholder Outsourcing
Relationships Future State Outsourcing Information Integration Property
Areas Management Processes
Competency

10.4 Defined 12.4 Improve 13.4 Human

9.4 Outsourcing 11.4 Issue 14.4 Define 15.4 Lessons 17.4 Security
Outsourcing Outsourcing Resource
Objectives Management Roles Learned and Privacy
Processes Processes Changes

9.5 13.5
10.5 Align
Organisational Communicate 15.5 Share
Strategy and 11.5 Cultural Fit 12.5 Innovation 17.5 Compliance
Outsourcing Organisational Knowledge
Architectures
Strategy Changes

10.6 Business 11.6 12.6 Business 13.6

17.6 Business
Process Collaborative Value and Organisational
Continuity
Integration Relationships Impact Change

12.7
10.7 Adapt to 11.7 Innovative
Outsourcing
Business Change Relationships
Alignment
April 20, 2010 23
Analysis Phase

• Service Provider
• Concerned with analysing operations and
functions to identify those services,
processes, or functions that could
potentially be outsourced
− Understanding the current, or as-is, state of
the client organisation’s structure and
processes
− Identifying the relevant criteria for selecting
outsourcing opportunities
− Identifying outsourcing opportunities to
meet outsourcing objectives and criteria
− Organising options for outsourcing
− Developing and validating the Business Case
for each outsourcing option
− Identifying the outsourcing approach and
governance model for the proposed
outsourcing action
− Performing impact and risk analyses of the
proposed outsourcing action
− Making the decision whether or not to
source the proposed outsourcing action

April 20, 2010 24

Initiation Phase

• Service Provider • End-User Organisation

• Concerned with preparation for and initiation of
service delivery
− Gather requirements
− Perform due diligence to validate customer
information
− Assess if and how the requirements can be met
− Prepare for negotiation
− Negotiate and sign contract
− Confirm assumptions
− Confirm responsibilities and commitments
− Design the service
− Review the service design
− Create service specification
− Deploy the service
− Transfer resources - personnel, technology,
infrastructure, applications
− Transition of service
• Concerned with preparation for and initiation of
managing outsourced services
− Preparing for service selection by developing the
solicitation and criteria for selection
− Soliciting and evaluating potential service
providers
− Preparing for negotiation by having an
organisational position on cost, quality and other
topics that need to be negotiated
− Defining the formal service level agreements and
service provider performance measures
− Understanding service provider’s capabilities by
gathering information about the service provider
and confirming the assumptions that impact
commitments
− Establishing a formal agreement with service
providers that clearly articulates the clients’ and
service provider’s responsibilities and
commitments
− Providing feedback on the service design in order
to ensure that the services are meeting the
client’s requirements and the agreed-upon
commitments
− Managing the effective transfer of resources
needed for service delivery, including personnel,
technology infrastructure and work environment

April 20, 2010 25

Delivery Phase
• Service Provider
• Concerned with service delivery including
management of service delivery, verification
that commitments are being met and
management of costs associated with the
service provision
− Planning and tracking the service delivery
activities
− Delivering services according to the agreed
commitments
− Managing the finances associated with the service
delivery
− Identifying and controlling modifications to the
services being provided
− Identifying and controlling modifications to
associated service commitments
− Identifying problems that impact the service
delivery and taking both preventive and
corrective actions
April 20, 2010
• End-User Organisation
• Concerned with monitoring the service
provider’s service delivery capabilities, including
the ongoing monitoring of service provider
performance to verify that commitments are
being met, monitoring changes, management of
the finances and agreements associated with
the service provision, fostering realistic
expectations and performing value analysis
− Planning and tracking the outsourcing
management activities
− Ensuring that services are delivered according to
the agreed-upon commitments
− Managing the finances associated with the service
delivery
− Identifying and controlling modifications to the
services being provided or to the associated
service commitments
− Facilitating problem resolution for problems that
impact the service delivery
− Reconciling performance against expectations and
ensuring that the service provision returns value
to the client organisation
26
Ongoing Phase
• Service Provider
• Management functions that need to
be performed during the entire
outsourcing lifecycle
− Manage and motivate personnel to
effectively deliver services
− Manage relationships with clients,
suppliers and business partners
− Measure and review the organisation’s
performance and taking action to
improve it
− Manage information and knowledge
systems so that personnel have access
to the knowledge needed to
effectively perform their work
− Identify and control threats to the
organisation’s ability to meet its
objectives and client requirements
− Manage the technology, systems and
applications infrastructure used to
support delivery of service
April 20, 2010
• End-User Organisation
• Management functions that need to
be performed during the entire
outsourcing lifecycle
− Manage and motivate personnel to
effectively deliver services
− Manage relationships with clients,
suppliers and business partners
− Measure and review the organisation’s
performance and taking action to
improve it
− Manage information and knowledge
systems so that personnel have access
to the knowledge needed to
effectively perform their work
− Identify and control threats to the
organisation’s ability to meet its
objectives and client requirements
− Manage the technology, systems and
applications infrastructure used to
support delivery of service
27
Completion Phase
• Service Provider
• Concerned with closing down the
engagement at the end of the outsourcing
lifecycle
− Manage the transfer of resources to the
new service provider, whether it is to the
client or to another service provider
− Ensure service continuity during transfer
− Identify and transferring the knowledge
critical for the delivery of service
April 20, 2010
• End-User Organisation
• Concerned with closing down the
engagement at the end of the outsourcing
lifecycle
− Planning for closing down a outsourced
service and managing the agreement during
the close-down period including managing
the agreement during termination
proceedings, during renewal, or during
normal completion
− Managing the transfer of resources to the
new service provider, whether it is to back
to the organisation or to another service
provider including the potential transfer of
people, technology infrastructure and
intellectual property
− Ensuring service continuity during the
transfer of responsibilities for service
provision
− Identifying and transferring the knowledge
capital critical for the delivery of service
28
Sample Activities by Service Provider and End-User
Organisation – Threat Management in Ongoing Phase
Ongoing Phase

Threat Management

Service Provider End-User Organisation

Risk Management Outsourcing Risk Management

Engagement Risk Organisational Risk Management

Risk Across Engagements Intellectual Property

Security Security and Privacy

Intellectual Property Compliance

Statutory and Regulatory Compliance Business Continuity

Disaster Recovery
April 20, 2010 29
Threat Management - Risk Management

• Service Provider • End-User Organisation

• Risk Management • Outsourcing Risk Management
• Scope • Scope
− Establish and implement a policy on risk − Establish and implement procedures to identify,
management assess and manage outsourcing risks
• Activities − Effective risk management is particularly critical in
the early stages of a outsourcing initiative, where
− Provide support for creating and maintaining a requirements are being organised and service is
policy for managing risk being designed to meet those requirements
− Document and implement a policy for managing − Problems encountered here can impact the
risk success of service delivery and associated
− Support the implementation of a policy for business benefits throughout the life of the
managing risk initiative.
• Activities
− Provide support for creating and maintaining the
procedures for identifying, assessing and
managing outsourcing risks
− Document and implement the procedures
required for identifying, assessing and managing
outsourcing risks
− Support the implementation of identifying,
assessing and managing outsourcing risks

April 20, 2010 30

Threat Management - Risk Management
• Service Provider
• Engagement Risk
• Scope
− Identify, assess and manage risks specific to the
client engagement
• Activities
− Provide support for creating and maintaining the
work products and tasks for identifying, assessing
and managing engagement-specific risks
− Document and implement the work products and
activities required to identify, assess and manage
engagement-specific risks
− Support the implementation of identifying,
assessing and managing engagement-specific risks
April 20, 2010
• End-User Organisation
• Organisational Risk Management
• Scope
− Establish and implement procedures to manage
risks across multiple outsourced services and
service providers
− Effective identification and assessment of risks
enables the client organisation to take mitigating
actions to lower the impact should a risk event
occur
− Effective risk management improves the
stakeholders’ confidence in the client
organisation’s ability to maintain needed services
and service levels
• Activities
− Provide support for creating and maintaining the
procedures for managing risks across multiple
outsourced services and service providers
− Document and implement the procedures
required for managing risks across multiple
outsourced services and service providers
− Support the implementation of managing risks
across multiple outsourced services and service
providers
31
Threat Management - Risk Management

• Service Provider
• Risk Across Engagements
• Scope
− Establish and implement procedures
to manage risks across client
engagements
• Activities
− Provide support for creating and
maintaining the procedures for
managing risks across client
engagements
− Document and implement the
procedures for managing risks across
client engagements
− Support the implementation of the
procedures for managing risks across
client engagements

April 20, 2010 32

Threat Management - Security and Privacy
• Service Provider
• Security
• Scope
− Establish and implement procedures to meet
security requirements
• Activities
− Provide support for creating and maintaining the
procedures for meeting security requirements
− Document and implement the procedures for
meeting security requirements
− Support the implementation of the procedures for
meeting security requirements
April 20, 2010
• End-User Organisation
• Security and Privacy
• Scope
− Establish and implement procedures to meet
security and privacy requirements
− Breakdowns, such as security breaches, can
impact the client organisation’s ability to provide
business continuity, thereby damaging the
relationship and making the involved parties
vulnerable to legal action
− Effective security is essential for meeting privacy
requirements and protecting intellectual property
− Security requirements may come from the client
organisation or statutes and regulations
governing the service being delivered
• Activities
− Provide support for creating and maintaining the
procedures for meeting security and privacy
requirements
− Document and implement the procedures
required for meeting security and privacy
requirements
− Support the implementation of meeting security
and privacy requirements
33
Threat Management - Intellectual Property
• Service Provider
• Intellectual Property
• Scope
− Establish and implement procedures to protect
the intellectual property of stakeholders
• Activities
− Provide support for creating and maintaining the
procedures for protecting the intellectual
property of stakeholders
− Document and implement the procedures for
protecting the intellectual property of
stakeholders
− Support the implementation of the procedures for
protecting the intellectual property of
stakeholders
April 20, 2010
• End-User Organisation
• Intellectual Property
• Scope
− Establish and implement procedures to protect
the intellectual property of stakeholders
− Inappropriate use or disclosure of intellectual
property can damage the relationship with
stakeholders, may cause financial loss and make
the client organisation vulnerable to disputes or
legal action
− Organisation should have a formalised policy on
the protection of intellectual property that is used
to provide direction for creating the procedures
on protection of intellectual property
• Activities
− Provide support for creating and maintaining the
procedures for protecting the intellectual
property of stakeholders
− Document and implement the procedures
required for protecting the intellectual property
of stakeholders
− Support the implementation of protecting the
intellectual property of stakeholders
34
Threat Management - Compliance
• Service Provider
• Statutory and Regulatory Compliance
• Scope
− Establish and implement procedures to comply
with statutory and regulatory requirements
• Activities
− Provide support for creating and maintaining the
procedures for statutory and regulatory
compliance
− Document and implement the procedures for
statutory and regulatory compliance
− Support the implementation of the procedures for
statutory and regulatory compliance
April 20, 2010
• End-User Organisation
• Compliance
• Scope
− Establish and implement procedures to comply
with applicable standards and statutory and
regulatory requirements
− Client organisation must implement procedures
to address governance, risk and compliance
− Procedures ensure that they comply with
standards, statutes and regulations that impact
their outsourcing capability and their outsourced
services in order to meet statutory, regulatory
and stakeholder requirements and to avoid
stakeholder dissatisfaction and legal or audit
issues
• Activities
− Provide support for creating and maintaining the
procedures for complying with applicable
standards and statutory and regulatory
requirements
− Document and implement the procedures
required for complying with applicable standards
and statutory and regulatory requirements
− Support the implementation of complying with
applicable standards and statutory and regulatory
requirements
35
Threat Management - Disaster Recovery and
Business Continuity
• Service Provider • End-User Organisation
• Disaster Recovery • Business Continuity
• Scope • Scope
− Establish and implement disaster recovery − Establish and implement procedures to ensure
procedures business continuity of outsourced services
• Activities − Prepare for possible disasters in order to minimise
their impact on the client organisation’s ability to
− Provide support for creating and maintaining the continue business activities
procedures for disaster recovery − Preparation covers service delivery, security, the
− Document and implement the procedures for protection of intellectual property, crisis
disaster recovery management and the safety of personnel and
− Support the implementation of the procedures for promotes confidence in the client organisation’s
disaster recovery and service providers’ ability to react effectively
to adverse situations
• Activities
− Provide support for creating and maintaining the
procedures for ensuring business continuity of
outsourced services
− Document and implement the procedures
required for ensuring business continuity of
outsourced services
− Support the implementation of ensuring business
continuity of outsourced services

April 20, 2010 36

Benefits of Structured Approach

• Service Provider • End-User Organisation

• Minimises problems • Provides structured approach to

• Provides common language evaluating and adopting outsourcing

• Provides common understanding of • Demonstrates due diligence in

roles and responsibilities selecting outsourcing partner

• Provides mechanism for resolving • Provides common understanding of

issues roles and responsibilities

• Know what is expected and what • Provides mechanism for resolving

should be done issues
• Knows service to be provided and
measures delivery

April 20, 2010 37

Summary

• Outsourcing experiences and implementations has been

poor
• A structured approach to implementing outsourcing
arrangements by both providers and end-users can enable
effective outsourcing
• A common language and a common understanding of roles
and responsibilities will reduce problems and assist in
issue resolution

April 20, 2010 38

More Information

Alan McSweeney
alan@alanmcsweeney.com

April 20, 2010 39