8/8/2019 Risks in Outsourcing the IT Function
ACHINTYA AGARWAL
AKHIL KAPOOR
SAKSHI DUBE
RISK:
- Account creation/deletion not on time
CONTROL:
- SLA
- Penalty Clause in Contract

RISK:
- Improper user account created
- Improper privileges to account assigned
CONTROL:
- Maker-checker concept applied
- Maker outsourced, checker in-house

RISK:
- Improper configurations
- Unneeded accesses
CONTROL:
- Maker-checker concept applied
- Maker outsourced, checker in-house

RISK:
- Updates/Patches to systems improper or fake
CONTROL:
- Purchase Genuine Software
- Create autopatching scripts/configurations

RISK:
- Vendor not flexible to changing demands
CONTROL:
- Selection of proper vendor
- Contract terms
- Understanding of Company requirements

RISK:
- Vendor Outages
CONTROL:
- Uptime Guarantee
- SLA
- Penalty clause in Contract

RISK:
- Improper configuration of Hardware/Software
CONTROL:
- Clarify requirements
- Verify changes
- Try pilot before major changes

RISK:
- Excess Response Time
- Excess Turnaround Time
CONTROL:
- SLA for response time
- Penalty Clause in Contract

RISK:
- Vendor Resource non-availability
CONTROL:
- SLA for required resources
- Penalty Clause in Contract

RISK:
- Accountability in case of incident
CONTROL:
- Appointing SPOC
- Contractual Agreement on incident handling

RISK:
- Security & Confidentiality of data
CONTROL:
- Encryption of stored data
- In-house Audits
- Non-Disclosure Agreement like clauses in Contract

RISK:
- Knowledge of Vendor's Resources
CONTROL:
- Selecting a reputed vendor
- Contractual stipulations on required skills

RISK:
- Loss of physical access to system
CONTROL:
- Access to equipment when required
- Authorised personnel only
- Stipulated in contract

RISK:
- No control over location of systems
CONTROL:
- Physical locations of hardware mutually decided

RISK:
- No control over frequency and location of backups
CONTROL:
- Contractual agreement

RISK:
- Social Engineering of vendor
CONTROL:
- Insurance against losses
- Selection of reputed vendor with good information security policies
- Contractual penalties

RISK:
- Improper Processes
CONTROL:
- In-house and 3rd party process auditing
- Quality certifications

RISK:
- Quality of Services Rendered not up to the mark
CONTROL:
- Regular updates
- KPI generation and monitoring
- Testing of services being availed
- Quality Checks
- Quality certifications
- Contractual penalties

RISK:
- Loss of confidential data over network while connected remotely
CONTROL:
- Encrypted tunnel to Company systems

RISK:
- Non-compliance to Legislation
CONTROL:
- Quality certifications
- Compliances to be followed
- Mentioned in contract

RISK:
- Termination of contract
CONTROL:
- Creation of good Exit Plan while negotiating contract

RISK:
- Improper Knowledge Transfer/Improper Documentation
CONTROL:
- Creating of a Knowledge Bank/Wiki
- Regular Auditing

RISK:
- Data might be modified
CONTROL:
- Access levels to Vendors proper
- Encrypted stored data
- Implementation of data change monitoring software
- Regular Auditing

RISK:
- Company Employees non-understanding of upgraded system
CONTROL:
- Conduction of Training before making major changes