Your SlideShare is downloading. ×
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Outsourcing and Managed Services - Developing a Common Language Between Suppliers and Purchasers to Reduce Risk

4,965

Published on

Describe at a high-level a structured approach to implementing outsourcing/managed services from both service provider and end-user organisation …

Describe at a high-level a structured approach to implementing outsourcing/managed services from both service provider and end-user organisation

Provide a high-level view of a common set of processes to be used by service providers and end-user organisations to implement and operate an outsourcing/managed services arrangement

Published in: Business
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
4,965
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
482
Comments
0
Likes
5
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Outsourcing/Managed Services: Developing a Common Language Between Suppliers and Purchasers to Reduce Risk Alan McSweeney
  • 2. Objectives • Describe at a high-level a structured approach to implementing outsourcing/managed services from both service provider and end-user organisation April 20, 2010 2
  • 3. Scope • Provide a high-level view of a common set of processes to be used by service providers and end-user organisations to implement and operate an outsourcing/managed services arrangement April 20, 2010 3
  • 4. What is Outsourcing • Outsourcing is delegating the responsibility for performing an information technology or business function to a third party • You outsource because the outsourcing supplier will do: − What the organisation currently does − At the same or better level of performance − For the same or lower price April 20, 2010 4
  • 5. Advantages of Managed Services • Better use of staff: allows agencies to focus human resources on strategic planning and core mission support • Cost savings: choose not to build and support IT and network infrastructure available in the commercial sector; use limited capital to purchase needed service levels and reduce total cost of ownership • Ability to use optimal technologies: adjust types and mix of hardware, software, skilled labour, capital investment and technology to support changes in mission needs • Rapid response to organisation and business changes: supplier is measured by ability to produce solutions April 20, 2010 5
  • 6. Types of Outsourcing Arrangement • Efficiency/Utility (Make it Cheaper) arrangement outsourcing focuses primarily on cost control and, over time, cost reduction, with the goal of maintaining consistency in the delivery of services • Business Enhancement (Make it Better) arrangement is about business productivity. The organisation’s performance, as compared with their competitors, will improve, resulting in movement toward defined business goals • Transformational (Make me Money) arrangement is characterised by a partnership between the service provider and service recipient that is focused on innovation and new business, changing the very basis on which an organisation competes April 20, 2010 6
  • 7. Benefits of Managed Services • Managed Services offers an alternative approach for a client to acquire IT or telecom support services − Managed services solutions are designed and delivered by service providers according to a predefined statement of deliverables and generally includes end-to-end service, service level agreements, and assets (if desired) • A managed service typically includes monthly recurring service-based pricing offering a more predictable cost approach for the client • Ongoing visibility of operational performance is provided and managed through pre-agreed performance parameters (known as service-level agreements) − The client may include their unique performance requirements such as degree of control and visibility, security, availability, capacity, service continuity and other requirements as it relates to the specific service • Because this is a core competency, the service provider is able to optimise the best balance of facilities, processes, resources, tools, and metrics, resulting in the best overall value for the client − Cost effectiveness is typically achieved through instituting process standards and establishing and supporting a standard operating environment (SOE) consisting of COTS (Commercial Of the Shelf) services and solutions • Managed services can be delivered either in a BOCO (Business-owned, contractor- operated) or COCO (contractor-owned, contractor-operated) model and is largely based on client preference April 20, 2010 7
  • 8. Outsourcing Organisations - Developing a Vision for IT Services is Required • What do we do today? • What do our customers want us to do? • What changes do we need to make to align with our customers needs? • How will they pay for those services? • How will we deliver those services consistently and measure their delivery? • What kind of organisation (Governance/Contract Management/Structures/Staff/Skills/Service Providers) will we need to achieve it? • What service management processes we should use? April 20, 2010 8
  • 9. Reasons Organisations Outsource Reduce And Control Operating 17% Costs Improve Company Focus 16% Gain Access To World-Class 12% Capabilities Free Resources For Other 12% Purposes Resources Not Available 8% Internally Reduce Time To Market 6% Take Advantage Of 6% Capabilities Accelerate Reengineering 4% Benefits Share Risks 3% Function Difficult To Manage 3% Or Out Of Control April 20, 2010 9
  • 10. Outsourcing Experiences • 13% to 25% of outsourcing contracts are brought in-house within the first two years • Buyers replace 80% of their service contractors in the first three years • Contractors turn over 40% of their contracts each year, on average • Nearly 70% outsourcing organisations feel their service provider does adequately understand what they are supposed to do April 20, 2010 10
  • 11. Key Issues For Successful Outsourcing • Many outsourcing relationships fail, are terminated early, are unsatisfactory to either or both of the service provider and the client • Outsourcing is a business issues and should be treated as such • Many common issues, problems and concerns arise across outsourcing contracts • Learn from the issues to avoid them April 20, 2010 11
  • 12. Hidden Costs of Outsourcing • Transfer of knowledge − Processes and procedures − Documentation − Personal knowledge • Quality issues and their resolution − Inspection programmes − Sustaining quality programmes − Cost of rework • Communication − Poor customer service − Daily operational issues April 20, 2010 12
  • 13. Phases of Outsourcing Relationship Ongoing Analysis Initiation Delivery Completion For outsourcing organisation For both outsourcing organisation and service provider April 20, 2010 13
  • 14. Phases of Outsourcing Relationship Phase Outsourcing Organisation Service Provider Analysis Analyse operations and functions to identify those services, processes or functions that could potentially be outsourced and develops the approach to be taken to source the identified opportunities Initiation Prepare for and transition to provision Prepare for and transition to provision of of service service Delivery Provide service and manage and Provide service and manage and measure its measure its provision provision Completion Close-out the service after the contract Close-out the service after the contract ends ends or the service has been terminated or the service has been terminated Ongoing Management of outsourcing lifecycle Management of outsourcing lifecycle April 20, 2010 14
  • 15. Roles of Service Provider and Outsourcing Organisation During Phases of Outsourcing Relationship Service Provider Outsourcing Organisation Determine if outsourcing represents a business Analysis opportunity Plan for outsourcing of selected services, evaluate and Prepare for service transition, transfer resources and select a service provider, create an outsourcing Initiation personnel from outsourcing organisation and ensure agreement and transfer resources and personnel to service continuity service provider Implement the capability to manage the service Define and agree requirements, negotiate contract, provider, administer the agreement and the issues, Delivery plan, design and deploy service, implement service challenges and changes that arise after the agreement delivery has been reached, reviewing the service provider’s performance Implement knowledge management processes, Develop outsourcing strategy management, manage perform people management, implement relationship with service provider, ensure value, Ongoing performance management, manage relationship, implement knowledge management processes, manage technology and manage risks and threats manage technology and manage risks and threats Prepare for service transition, transfer resources and Plan for completion, ensure service continuity, Completion personnel from outsourcing organisation and ensure transfer resources and personnel from outsourcing service continuity organisation and transfer knowledge April 20, 2010 15
  • 16. Roles of Service Provider and Outsourcing Organisation During Phases of Outsourcing Relationship Common Language Service Provider and Expectations Analysis Initiation Delivery Ongoing Completion Agreed Roles and Outsourcing Organisation Responsibilities April 20, 2010 16
  • 17. Key Capabilities and Constituent Practices • Idealised set of steps for a service provider and end-user organisations and outsourcing organisation to perform when taking on a new outsourcing service • Provides a detailed checklist of work to be done • Each practices contains a set of activities and tasks • Can be modified to suit the circumstances: scope of outsourcing, size of service, duration of contract • Can forms the basis of a project plan for elements of outsourcing work such as initiation • Reduces risk of failure April 20, 2010 17
  • 18. Key Capabilities Within Outsourcing Lifecycle for Service Providers People Performance Relationship Technology Management Management Management Management Knowledge Threat Management Ongoing Management Initiation Delivery Completion Service Design Service Service Service Contracting and Transfer Delivery Transfer Deployment April 20, 2010 18
  • 19. Key Capabilities Within Outsourcing Lifecycle for End-User Organisations Outsourcing Organisational Governance Relationship Value Strategy Change Management Management Management Management Management Technology People Management Management Ongoing Threat Knowledge Management Management Analysis Initiation Delivery Completion Outsourcing Opportunity Analysis Outsourcing Outsourcing Outsourcing Planning Agreements Completion Outsourcing Approach Service Sourced Service Provider Services Transfer Evaluation Management April 20, 2010 19
  • 20. Key Capabilities Within Outsourcing Lifecycle for Service Providers and End-User Organisations Outsourcing Capabilities and Skills Analysis Initiation Delivery Ongoing Completion Outsourcing Outsourcing Service Outsourcing Service Outsourcing Service Outsourcing Service Organisation Organisation Provider Organisation Provider Organisation Provider Organisation Provider Outsourcing Sourced Outsourcing Outsourcing Service Knowledge Outsourcing Service Opportunity Services Contracting Strategy Planning Transfer Management Completion Transfer Analysis Management Management Service Service Design Outsourcing Governance People Provider and Approach Management Management Evaluation Deployment Outsourcing Service Relationship Performance Agreements Delivery Management Management Service Value Relationship Transfer Management Management Organisational Technology Change Management Management People Threat Management Management Knowledge Management Technology Management Threat Management April 20, 2010 20
  • 21. Key Capabilities and Constituent Practices for Outsourcing Service Providers Capabilities and Skills Initiation/ Delivery Ongoing Completion 3 Service 1 Service 4 Service 5 Knowledge 6 People 7 Performance 8 Relationship 9 Technology 10 Threat 2 Contracting Design and Transfer Delivery Management Management Management Management Management Management Deployment 3.1 4.1 Plan 7.1 1.1 Resources 2.1 5.1 Share 6.1 Encourage 8.1 Client 9.1 Acquire 10.1 Risk Communicate Service Engagement Transferred In Negotiations Knowledge Innovation Interactions Technology Management Requirements Delivery Objectives 5.2 Provide 6.2 8.2 Select 10.2 1.2 Personnel 3.2 Design and 4.2 Train 7.2 Verify 9.2 Technology 2.2 Pricing Required Participation Suppliers and Engagement Transferred In Deploy Service Clients Processes Licenses Information# in Decisions Partners Risk 2.3 Confirm 3.3 Plan Design 8.3 Manage 10.3 Risk 1.3 Service 4.3 Deliver 5.3 Knowledge 6.3 Work 7.3 Adequate 9.3 Control Existing and Suppliers and Across Continuity Service System Environment Resources Technology Conditions Deployment Partners Engagements 1.4 Resources 4.4 Verify 6.4 Assign 7.4 2.4 Market 3.4 Service 5.4 Process 9.4 Technology Transferred Service Responsibilitie Organisational 8.4 Cultural Fit 10.4 Security Information Specification Assets Integration Out Commitments s Objectives 1.5 Personnel 5.5 7.5 Review 8.5 10.5 2.5 Plan 3.5 Service 4.5 Correct 6.5 Define 9.5 Optimise Transferred Engagement Organisational Stakeholder Intellectual Negotiations Design Problems Roles Technology Out Knowledge Performance Information Property 1.6 Knowledge 4.6 Prevent 9.6 Proactively 10.6 Statutory 2.6 Gather 3.6 Design 6.6 Workforce 7.6 Make 8.6 Client Transferred Known 5.6 Reuse Introduce and Regulatory Requirements Feedback Competencies Improvements Relationships Out Problems Technology Compliance 5.7 Version 6.7 Plan and 7.7 Achieve 8.7 Supplier 2.7 Review 3.7 Verify 4.7 Service 10.7 Disaster and Change Deliver Organisational and Partner Requirements Design Modifications Recovery Control Training Objectives Relationships 6.8 Plan and 2.8 Respond to 3.8 Deploy 4.8 Financial 5.8 Resource 7.8 Capability 8.8 Value Deliver Requirements Service Management Consumption Baselines Creation Training 6.9 2.9 Contract Performance 7.9 Benchmark Roles Feedback 6.10 7.10 Prevent 2.10 Create Performance Potential Contracts Feedback Problems 2.11 Amend 7.11 Deploy 6.11 Rewards Contracts Innovations April 20, 2010 21
  • 22. Key Capabilities and Constituent Practices for End- User Organisations - 1 Outsourcing Capabilities and Skills Analysis Phase Initiation Phase Delivery Phase Completion Phase 1 Outsourcing 2 Outsourcing 3 Outsourcing 4 Service Provider 5 Outsourcing 7 Sourced Services 8 Outsourcing Opportunity 6 Service Transfer Approach Planning Evaluation Agreements Management Completion Analysis 3.1 Establish 7.1 Perform 1.1 Define Current 2.1 Outsourcing 4.1 Communicate 5.1 Negotiations 6.1 Service 8.1 Completion Outsourcing Outsourcing State Approach Requirements Guidelines Transition Planning Project Management 4.2 Evaluate 1.2 Outsourcing 3.2 Service 5.2 Confirm 7.2 Performance 8.2 Service 2.2 Business Case Potential Service 6.2 Verify Design Criteria Definition Existing Conditions Monitoring Continuity Providers 3.3 Service 4.3 Select 8.3 Resources 1.3 Demand 2.3 Governance 6.3 Resources 7.3 Financial Provider Selection Candidate Service 5.3 Negotiations Transfer from Identification Model Transferred Out Management Procedures Providers Service Provider 8.4 Personnel 1.4 Outsourcing 2.4 Impact and 3.4 Evaluation 5.4 Agreement 6.4 Personnel 7.4 Agreement Transfer from Options Risk Analysis Criteria Roles Transferred Out Management Service Provider 3.5 Prepare 7.5 Problem and 8.5 Knowledge 2.5 Outsourcing 5.5 Define SLAs 6.5 Knowledge Service Incident Transfer from Initiation Decision and Measures Transferred Out Requirements Monitoring Service Provider 7.6 Service 5.6 Create Delivery Change Agreements Management 5.7 Amend 7.7 Service Change Agreements Management 7.8 Review Service Performance 7.9 Stakeholder Feedback 7.10 Service Value Analysis 7.11 Continuation Decision April 20, 2010 22
  • 23. Key Capabilities and Constituent Practices for End- User Organisations - 2 Outsourcing Capabilities and Skills Ongoing Phase Competency Governance Environment and Change Focused Focused Focused 13 9 Outsourcing 10 Governance 11 Relationship 12 Value Organisational 14 People 15 Knowledge 16 Technology 17 Threat Strategy Management Management Management Change Management Management Management Management Management Management 12.1 17.1 10.1 11.1 Service 13.1 Prepare for 14.1 Assign 15.1 Provide 9.1 Outsourcing Organisational 16.1 Asset Outsourcing Outsourcing Provider Organisational Outsourcing Required Sponsorship Outsourcing Management Risk Policy Interactions Change Responsibilities Information Performance Management 17.2 10.2 Service 11.2 Service 13.2 9.2 Outsourcing 12.2 Capability 14.2 Personnel 15.2 Knowledge 16.2 License Organisational Provider Provider Stakeholder Constraints Baselines Competencies System Management Risk Management Relationships Involvement Management 14.3 9.3 Potential 10.3 Internal 12.3 Benchmark 11.3 Internal 13.3 Define Organisational 15.3 Market 16.3 Technology 17.3 Intellectual Outsourcing Stakeholder Outsourcing Relationships Future State Outsourcing Information Integration Property Areas Management Processes Competency 10.4 Defined 12.4 Improve 13.4 Human 9.4 Outsourcing 11.4 Issue 14.4 Define 15.4 Lessons 17.4 Security Outsourcing Outsourcing Resource Objectives Management Roles Learned and Privacy Processes Processes Changes 9.5 13.5 10.5 Align Organisational Communicate 15.5 Share Strategy and 11.5 Cultural Fit 12.5 Innovation 17.5 Compliance Outsourcing Organisational Knowledge Architectures Strategy Changes 10.6 Business 11.6 12.6 Business 13.6 17.6 Business Process Collaborative Value and Organisational Continuity Integration Relationships Impact Change 12.7 10.7 Adapt to 11.7 Innovative Outsourcing Business Change Relationships Alignment April 20, 2010 23
  • 24. Analysis Phase • Service Provider • Concerned with analysing operations and functions to identify those services, processes, or functions that could potentially be outsourced − Understanding the current, or as-is, state of the client organisation’s structure and processes − Identifying the relevant criteria for selecting outsourcing opportunities − Identifying outsourcing opportunities to meet outsourcing objectives and criteria − Organising options for outsourcing − Developing and validating the Business Case for each outsourcing option − Identifying the outsourcing approach and governance model for the proposed outsourcing action − Performing impact and risk analyses of the proposed outsourcing action − Making the decision whether or not to source the proposed outsourcing action April 20, 2010 24
  • 25. Initiation Phase • Service Provider • End-User Organisation • Concerned with preparation for and initiation of • Concerned with preparation for and initiation of service delivery managing outsourced services − Gather requirements − Preparing for service selection by developing the − Perform due diligence to validate customer solicitation and criteria for selection information − Soliciting and evaluating potential service − Assess if and how the requirements can be met providers − Prepare for negotiation − Preparing for negotiation by having an − Negotiate and sign contract organisational position on cost, quality and other topics that need to be negotiated − Confirm assumptions − Defining the formal service level agreements and − Confirm responsibilities and commitments service provider performance measures − Design the service − Understanding service provider’s capabilities by − Review the service design gathering information about the service provider − Create service specification and confirming the assumptions that impact commitments − Deploy the service − Establishing a formal agreement with service − Transfer resources - personnel, technology, providers that clearly articulates the clients’ and infrastructure, applications service provider’s responsibilities and − Transition of service commitments − Providing feedback on the service design in order to ensure that the services are meeting the client’s requirements and the agreed-upon commitments − Managing the effective transfer of resources needed for service delivery, including personnel, technology infrastructure and work environment April 20, 2010 25
  • 26. Delivery Phase • Service Provider • End-User Organisation • Concerned with service delivery including • Concerned with monitoring the service management of service delivery, verification provider’s service delivery capabilities, including that commitments are being met and the ongoing monitoring of service provider management of costs associated with the performance to verify that commitments are service provision being met, monitoring changes, management of − Planning and tracking the service delivery the finances and agreements associated with activities the service provision, fostering realistic − Delivering services according to the agreed expectations and performing value analysis commitments − Planning and tracking the outsourcing − Managing the finances associated with the service management activities delivery − Ensuring that services are delivered according to − Identifying and controlling modifications to the the agreed-upon commitments services being provided − Managing the finances associated with the service − Identifying and controlling modifications to delivery associated service commitments − Identifying and controlling modifications to the − Identifying problems that impact the service services being provided or to the associated delivery and taking both preventive and service commitments corrective actions − Facilitating problem resolution for problems that impact the service delivery − Reconciling performance against expectations and ensuring that the service provision returns value to the client organisation April 20, 2010 26
  • 27. Ongoing Phase • Service Provider • End-User Organisation • Management functions that need to • Management functions that need to be performed during the entire be performed during the entire outsourcing lifecycle outsourcing lifecycle − Manage and motivate personnel to − Manage and motivate personnel to effectively deliver services effectively deliver services − Manage relationships with clients, − Manage relationships with clients, suppliers and business partners suppliers and business partners − Measure and review the organisation’s − Measure and review the organisation’s performance and taking action to performance and taking action to improve it improve it − Manage information and knowledge − Manage information and knowledge systems so that personnel have access systems so that personnel have access to the knowledge needed to to the knowledge needed to effectively perform their work effectively perform their work − Identify and control threats to the − Identify and control threats to the organisation’s ability to meet its organisation’s ability to meet its objectives and client requirements objectives and client requirements − Manage the technology, systems and − Manage the technology, systems and applications infrastructure used to applications infrastructure used to support delivery of service support delivery of service April 20, 2010 27
  • 28. Completion Phase • Service Provider • End-User Organisation • Concerned with closing down the • Concerned with closing down the engagement at the end of the outsourcing engagement at the end of the outsourcing lifecycle lifecycle − Manage the transfer of resources to the − Planning for closing down a outsourced new service provider, whether it is to the service and managing the agreement during client or to another service provider the close-down period including managing − Ensure service continuity during transfer the agreement during termination − Identify and transferring the knowledge proceedings, during renewal, or during critical for the delivery of service normal completion − Managing the transfer of resources to the new service provider, whether it is to back to the organisation or to another service provider including the potential transfer of people, technology infrastructure and intellectual property − Ensuring service continuity during the transfer of responsibilities for service provision − Identifying and transferring the knowledge capital critical for the delivery of service April 20, 2010 28
  • 29. Sample Activities by Service Provider and End-User Organisation – Threat Management in Ongoing Phase Ongoing Phase Threat Management Service Provider End-User Organisation Risk Management Outsourcing Risk Management Engagement Risk Organisational Risk Management Risk Across Engagements Intellectual Property Security Security and Privacy Intellectual Property Compliance Statutory and Regulatory Compliance Business Continuity Disaster Recovery April 20, 2010 29
  • 30. Threat Management - Risk Management • Service Provider • End-User Organisation • Risk Management • Outsourcing Risk Management • Scope • Scope − Establish and implement a policy on risk − Establish and implement procedures to identify, management assess and manage outsourcing risks • Activities − Effective risk management is particularly critical in the early stages of a outsourcing initiative, where − Provide support for creating and maintaining a requirements are being organised and service is policy for managing risk being designed to meet those requirements − Document and implement a policy for managing − Problems encountered here can impact the risk success of service delivery and associated − Support the implementation of a policy for business benefits throughout the life of the managing risk initiative. • Activities − Provide support for creating and maintaining the procedures for identifying, assessing and managing outsourcing risks − Document and implement the procedures required for identifying, assessing and managing outsourcing risks − Support the implementation of identifying, assessing and managing outsourcing risks April 20, 2010 30
  • 31. Threat Management - Risk Management • Service Provider • End-User Organisation • Engagement Risk • Organisational Risk Management • Scope • Scope − Identify, assess and manage risks specific to the − Establish and implement procedures to manage client engagement risks across multiple outsourced services and service providers • Activities − Effective identification and assessment of risks − Provide support for creating and maintaining the enables the client organisation to take mitigating work products and tasks for identifying, assessing actions to lower the impact should a risk event and managing engagement-specific risks occur − Document and implement the work products and − Effective risk management improves the activities required to identify, assess and manage stakeholders’ confidence in the client engagement-specific risks organisation’s ability to maintain needed services − Support the implementation of identifying, and service levels assessing and managing engagement-specific risks • Activities − Provide support for creating and maintaining the procedures for managing risks across multiple outsourced services and service providers − Document and implement the procedures required for managing risks across multiple outsourced services and service providers − Support the implementation of managing risks across multiple outsourced services and service providers April 20, 2010 31
  • 32. Threat Management - Risk Management • Service Provider • Risk Across Engagements • Scope − Establish and implement procedures to manage risks across client engagements • Activities − Provide support for creating and maintaining the procedures for managing risks across client engagements − Document and implement the procedures for managing risks across client engagements − Support the implementation of the procedures for managing risks across client engagements April 20, 2010 32
  • 33. Threat Management - Security and Privacy • Service Provider • End-User Organisation • Security • Security and Privacy • Scope • Scope − Establish and implement procedures to meet − Establish and implement procedures to meet security requirements security and privacy requirements • Activities − Breakdowns, such as security breaches, can impact the client organisation’s ability to provide − Provide support for creating and maintaining the business continuity, thereby damaging the procedures for meeting security requirements relationship and making the involved parties − Document and implement the procedures for vulnerable to legal action meeting security requirements − Effective security is essential for meeting privacy − Support the implementation of the procedures for requirements and protecting intellectual property meeting security requirements − Security requirements may come from the client organisation or statutes and regulations governing the service being delivered • Activities − Provide support for creating and maintaining the procedures for meeting security and privacy requirements − Document and implement the procedures required for meeting security and privacy requirements − Support the implementation of meeting security and privacy requirements April 20, 2010 33
  • 34. Threat Management - Intellectual Property • Service Provider • End-User Organisation • Intellectual Property • Intellectual Property • Scope • Scope − Establish and implement procedures to protect − Establish and implement procedures to protect the intellectual property of stakeholders the intellectual property of stakeholders • Activities − Inappropriate use or disclosure of intellectual property can damage the relationship with − Provide support for creating and maintaining the stakeholders, may cause financial loss and make procedures for protecting the intellectual the client organisation vulnerable to disputes or property of stakeholders legal action − Document and implement the procedures for − Organisation should have a formalised policy on protecting the intellectual property of the protection of intellectual property that is used stakeholders to provide direction for creating the procedures − Support the implementation of the procedures for on protection of intellectual property protecting the intellectual property of stakeholders • Activities − Provide support for creating and maintaining the procedures for protecting the intellectual property of stakeholders − Document and implement the procedures required for protecting the intellectual property of stakeholders − Support the implementation of protecting the intellectual property of stakeholders April 20, 2010 34
  • 35. Threat Management - Compliance • Service Provider • End-User Organisation • Statutory and Regulatory Compliance • Compliance • Scope • Scope − Establish and implement procedures to comply − Establish and implement procedures to comply with statutory and regulatory requirements with applicable standards and statutory and regulatory requirements • Activities − Client organisation must implement procedures − Provide support for creating and maintaining the to address governance, risk and compliance procedures for statutory and regulatory − Procedures ensure that they comply with compliance standards, statutes and regulations that impact − Document and implement the procedures for their outsourcing capability and their outsourced statutory and regulatory compliance services in order to meet statutory, regulatory − Support the implementation of the procedures for and stakeholder requirements and to avoid statutory and regulatory compliance stakeholder dissatisfaction and legal or audit issues • Activities − Provide support for creating and maintaining the procedures for complying with applicable standards and statutory and regulatory requirements − Document and implement the procedures required for complying with applicable standards and statutory and regulatory requirements − Support the implementation of complying with applicable standards and statutory and regulatory requirements April 20, 2010 35
  • 36. Threat Management - Disaster Recovery and Business Continuity • Service Provider • End-User Organisation • Disaster Recovery • Business Continuity • Scope • Scope − Establish and implement disaster recovery − Establish and implement procedures to ensure procedures business continuity of outsourced services • Activities − Prepare for possible disasters in order to minimise their impact on the client organisation’s ability to − Provide support for creating and maintaining the continue business activities procedures for disaster recovery − Preparation covers service delivery, security, the − Document and implement the procedures for protection of intellectual property, crisis disaster recovery management and the safety of personnel and − Support the implementation of the procedures for promotes confidence in the client organisation’s disaster recovery and service providers’ ability to react effectively to adverse situations • Activities − Provide support for creating and maintaining the procedures for ensuring business continuity of outsourced services − Document and implement the procedures required for ensuring business continuity of outsourced services − Support the implementation of ensuring business continuity of outsourced services April 20, 2010 36
  • 37. Benefits of Structured Approach • Service Provider • End-User Organisation • Minimises problems • Provides structured approach to • Provides common language evaluating and adopting outsourcing • Provides common understanding of • Demonstrates due diligence in roles and responsibilities selecting outsourcing partner • Provides mechanism for resolving • Provides common understanding of issues roles and responsibilities • Know what is expected and what • Provides mechanism for resolving should be done issues • Knows service to be provided and measures delivery April 20, 2010 37
  • 38. Summary • Outsourcing experiences and implementations has been poor • A structured approach to implementing outsourcing arrangements by both providers and end-users can enable effective outsourcing • A common language and a common understanding of roles and responsibilities will reduce problems and assist in issue resolution April 20, 2010 38
  • 39. More Information Alan McSweeney alan@alanmcsweeney.com April 20, 2010 39

×