Assignment 1 (a)

Strategic Systems

Strategic Systems in Essilor (System Thinking)

Flow of information

Stakeholders involved

Assingment1 (b)

Data Protection laws (Investigation)

How it is affecting flow of data in the organization (or country of your organization)

What steps are taken by your organization about data protection laws?
Assignment2 (a)

Critically evaluate any consequences of poor data protection on any current or future outsourcing
activities that your organization is or may be engaged in.

Data Extracts from Files

As the outsourcing of software development becomes more widespread, organizations must take efforts
to protect their sensitive data. While an outsourcing partner handling portions of a project can yield
great efficiencies, how can the contracting organization be assured that their trade secrets will be
protected by workers that they have never vetted? How can government contractors take advantage of
outsourcing efficiencies but still keep the trust of their government clients? Finally, how can an
organization share data with offshore partners without violating export restrictions and compromising
national security? This paper provides an overview of how outsourcing is currently performed in the
software industry, presents case studies of outsourcing where data sensitivity issues have arisen,
examines the categories of risks to proprietary data, and finally presents strategies for dealing with
these problems.

So why do some firms spend a greater portion of their IT budget on IT outsourcing? Is

this a long-term trend or a short-term obsession? From an organisational context,
outsourcing is fuelled largely by cost cutting imperatives coupled with improved
budgetary control, refreshing technology and a wish to concentrate on the core
functions of the company. Moreover, offshore outsourcing has evolved into an increasingly
strategic solution for solving long-term business problems and freeing resources
to refocus on core activities. (Pai and Basu 2006)

Emerging Legal Challenges: Evolving Priorities and Concerns

It is sometimes easy to get carried away to assume that outsourcing is the panacea to cure all business adversities.
Conversely, an outsourcing arrangement can be in dire straits if careful attention is not paid to due diligence
strategies, legislative and regulatory procedures. Naturally, any organisation considering offshore outsourcing of IT-
enabled services as an option will need to consider the legal implications of the distinct processes and will have to
be aware of the judicial system of the outsourced country if the process fails to work satisfactorily. Key issues
inherent to outsourcing arrangements are loss of control and multi-faceted differences between the customer and its
service providers.

Particularly, risks are infinitely higher when the outsourced work is being undertaken in a different time zone or in a
different jurisdiction — especially if the outsourcing partner has in possession the software and data of the
outsourcing company. As a result, the importance of legal issues is further elevated as, at every phase of an
outsourcing agreement, compliance issues and contractual obligations can affect the success of the enterprise
customer and its relationship with its service providers. Further, as enterprises continue to adopt varying operating
models for outsourcing agreements, they must be in a position to evaluate and weigh the strategic and tactical
objectives and priorities primarily involving four key factors, which includes: cost savings, service quality/delivery,
level of control/governance and risk tolerance. Some common legal issues which require special attention are
outlined:
 • Choosing a governing law for the cross-border contract, and establishing which regulatory laws apply
in case of infringement or breach of contract.
• Resolving software licences and usage permission of proprietary support tools.
• Considering data protection and security delegations.
• Establishing the effect of any mandatory local laws which may prejudice the relationship or impact on
later litigation.
• Making sure that all IP rights and trade secrets are protected so that they are not violated in
the foreign country.
• Covering for the insolvency, winding-up and change of control of the supplier.

(Pai and Basu 2006)

In addition to the legal issues mentioned above, there are some purely practical issues like language
barriers, geopolitical instability, loss of management control; and accountability problems, which also
need to be considered during the decision making process. Hence, as a matter of commercial
practicality, clauses in a contract with an overseas company are completely worthless unless there is a
mechanism for enforcing the contract in a way which actually works quickly and effectively. In
jurisdictions where no reciprocal legal arrangements exist, or where it is unrealistic to expect genuine
cooperation from the foreign legal system, the only sensible approach would be to build-in practical
measures in the contract itself as discussed later in this section, which do not necessarily require the
intervention of the legal process. In this section, as an example of offshored vendor services
marketplace we have focused our discussion on the Indian IT outsourcing industry in some of our case
studies.

Further, we have attempted to provide a comprehensive checklist of legal issues along with insightful
guidance on coping with emerging challenges in doing business beyond the borders of Europe and U.S.,
although broader expertise in these areas is desirable in planning and executing international
outsourcing transactions.
Outsourcing is defined in this paper as a regulated entity’s use of a third party (either an
affiliated entity within a corporate group or an entity that is external to the corporate group) to
perform activities on a continuing basis that would normally be undertaken by the regulated
entity, now or in the future.

What is Outsourcing?

At around the same time period, many organizations realized that, when they converted their legacy mainframe
based custom administration applications (personnel, payroll, accounting, finance, manufacturing, sales analysis,
accounts receivable, payables, etc.) to application products from Peoplesoft, SAP, ORACLE, Seibel, etc., it often
made sense to actually contract out the hosting and support of those applications to a supplier who specialized in
delivering payroll, personnel, accounting, etc. services using those application products. It was also a lot simpler to
define a service level agreement for running a commercial product than for running a mix of your old home-grown
applications. That usually also transferred the development and maintenance responsibility associated with the
application products being used to the outsourcer or ASP too. These outsourcing deals have enjoyed a lot more
success, and continue to grow in popularity. Some variations saw the organization actually retain the hosting
responsibility, but had the outsourcer manage and support the application product on the customer's computer
site.

Motivating Factors
Many of the initial and obvious motivators were described above. However, there were and are a number
of less obvious but no less pressing motivators to outsource involved today. Computer applications today
are much more critical to the organization's minute by minute operation than they were 10 years ago.
Information workers (and most police workers can be called information workers without a stretch of the
imagination), simply cannot do their job effectively today without the supporting information systems. If
the system is down, the MDTs and mobile workstations don't work, or if e-mail or NCIC/CPIC access is
down, productivity crashes. Our paperless operation clients are hit even harder. So, the attention to and
critical value (and related cost) of assuring non-stop reliability, “hardened” sites, disaster back-up facilities,
closely monitored security, assured integrity, etc. can be many times what it was a few short years ago.
Most corporations and agencies face similar challenges today. Outsourcers often can present a most
credible and compelling argument that they can deliver to such high availability objectives better and at
less cost.

Technical staffing also can pose challenges to organizations running the “lifeblood” systems of the organization.
Certainly, in the recent “dot-com” boom, many commercial organizations and government agencies found it difficult
to attract and retain the sorts of technical skills and expertise that such systems need to stay effective. Even today,
these skills are in scarce supply and often organizations and agencies can only afford to have one person with a
specific expertise, so when that person leaves, they are extremely vulnerable to problems. Because outsourcers
specialize in running and supporting such systems for many, many organizations, they have the scale to maintain
adequate depth of technical resources so that routine turn-over of such staff does not compromise their service level.
Such resources as we have described are expensive, so sharing the resources (hardened site, very powerful servers,
capable and proven technical staff, high speed network connections, specialized support software for system and
network management, back-up facilities and disaster /recovery sites, security layers, etc.) can make a lot of sense
and reduce the cost burden associated with maintaining the expected and required service level.

Obstacles to Outsourcing

The most recurring and obvious one is related to control and dependence; most organizations do not create such an
operational vulnerability, exposure or external dependence on a third party organization casually. Some simply will
not consider outsourcing for just that reason. Even with a rigorous contract, the available “remedy”, to exit the
contract, can pose perceived risks of disruption that are unacceptable. You have to have confidence in your ability to
contractually constrain and then manage such a contract (but more organizations are reaching that state every year).

Security of sensitive information and processes can also pose obstacles to outsourcing. When legal or commercial
damage could result from disclosure or corruption of information, outsourcing can be perceived as adding further
vulnerability to such exposure and thus discourages outsourcing.

With the development and penetration of business information systems, information systems
outsourcing (IS Outsourcing) has attracted more and more interests from both managers and IT
vendors.

_________________________________________________>>>>

As now the importance and dependencies on business information system grow, concept of
information system outsourcing has grown immensely among management and service
providers.

_________________________________________________>>>>

Data protection and Outsourcing (setbacks disadvantages) especially with examples

Assignment2 (b)

Discuss the ways in which you would incorporate the key aspects of the data protection legislation or
principles into information-related strategies for an organization of your choice.
References

Hengesbaugh, Baker, McKenzie (2010) Data protection aspects in an outsourcing transaction

Pai and Basu (2006) “Emerging Legal Challenges in Offshore Outsourcing of IT-Enabled Services” from
book “Outsourcing and offshoring in 21st Century a Socio economic prospective ” page 404