Describe at a high-level a structured approach to implementing outsourcing/managed services from both service provider and end-user organisation Provide a high-level view of a common set of processes to be used by service providers and end-user organisations to implement and operate an outsourcing/managed services arrangement

1. Outsourcing/Managed
Services: Developing a
Common Language Between
Suppliers and Purchasers to
Reduce Risk
Alan McSweeney

2. Objectives
• Describe at a high-level a structured approach to
implementing outsourcing/managed services from both
service provider and end-user organisation
April 20, 2010 2

3. Scope
• Provide a high-level view of a common set of processes to
be used by service providers and end-user organisations to
implement and operate an outsourcing/managed services
arrangement
April 20, 2010 3

4. What is Outsourcing
• Outsourcing is delegating the responsibility for performing
an information technology or business function to a third
party
• You outsource because the outsourcing supplier will do:
− What the organisation currently does
− At the same or better level of performance
− For the same or lower price
April 20, 2010 4

5. Advantages of Managed Services
• Better use of staff: allows agencies to focus human
resources on strategic planning and core mission support
• Cost savings: choose not to build and support IT and
network infrastructure available in the commercial sector;
use limited capital to purchase needed service levels and
reduce total cost of ownership
• Ability to use optimal technologies: adjust types and mix of
hardware, software, skilled labour, capital investment and
technology to support changes in mission needs
• Rapid response to organisation and business changes:
supplier is measured by ability to produce solutions
April 20, 2010 5

6. Types of Outsourcing Arrangement
• Efficiency/Utility (Make it Cheaper) arrangement outsourcing
focuses primarily on cost control and, over time, cost reduction, with
the goal of maintaining consistency in the delivery of services
• Business Enhancement (Make it Better) arrangement is about
business productivity. The organisation’s performance, as compared
with their competitors, will improve, resulting in movement toward
defined business goals
• Transformational (Make me Money) arrangement is characterised
by a partnership between the service provider and service recipient
that is focused on innovation and new business, changing the very
basis on which an organisation competes
April 20, 2010 6

7. Benefits of Managed Services
• Managed Services offers an alternative approach for a client to acquire IT or telecom
support services
− Managed services solutions are designed and delivered by service providers according to a
predefined statement of deliverables and generally includes end-to-end service, service level
agreements, and assets (if desired)
• A managed service typically includes monthly recurring service-based pricing offering a
more predictable cost approach for the client
• Ongoing visibility of operational performance is provided and managed through pre-agreed
performance parameters (known as service-level agreements)
− The client may include their unique performance requirements such as degree of control and
visibility, security, availability, capacity, service continuity and other requirements as it relates to
the specific service
• Because this is a core competency, the service provider is able to optimise the best balance
of facilities, processes, resources, tools, and metrics, resulting in the best overall value for
the client
− Cost effectiveness is typically achieved through instituting process standards and establishing and
supporting a standard operating environment (SOE) consisting of COTS (Commercial Of the Shelf)
services and solutions
• Managed services can be delivered either in a BOCO (Business-owned, contractor-
operated) or COCO (contractor-owned, contractor-operated) model and is largely based on
client preference
April 20, 2010 7

8. Outsourcing Organisations - Developing a Vision for
IT Services is Required
• What do we do today?
• What do our customers want us to do?
• What changes do we need to make to align with our
customers needs?
• How will they pay for those services?
• How will we deliver those services consistently and
measure their delivery?
• What kind of organisation (Governance/Contract
Management/Structures/Staff/Skills/Service Providers) will
we need to achieve it?
• What service management processes we should use?
April 20, 2010 8

9. Reasons Organisations Outsource
Reduce And Control Operating
17%
Costs
Improve Company Focus 16%
Gain Access To World-Class
12%
Capabilities
Free Resources For Other
12%
Purposes
Resources Not Available
8%
Internally
Reduce Time To Market 6%
Take Advantage Of
6%
Capabilities
Accelerate Reengineering
4%
Benefits
Share Risks 3%
Function Difficult To Manage
3%
Or Out Of Control
April 20, 2010 9

10. Outsourcing Experiences
• 13% to 25% of outsourcing contracts are brought in-house
within the first two years
• Buyers replace 80% of their service contractors in the first
three years
• Contractors turn over 40% of their contracts each year, on
average
• Nearly 70% outsourcing organisations feel their service
provider does adequately understand what they are
supposed to do
April 20, 2010 10

11. Key Issues For Successful Outsourcing
• Many outsourcing relationships fail, are terminated early,
are unsatisfactory to either or both of the service provider
and the client
• Outsourcing is a business issues and should be treated as
such
• Many common issues, problems and concerns arise across
outsourcing contracts
• Learn from the issues to avoid them
April 20, 2010 11

12. Hidden Costs of Outsourcing
• Transfer of knowledge
− Processes and procedures
− Documentation
− Personal knowledge
• Quality issues and their resolution
− Inspection programmes
− Sustaining quality programmes
− Cost of rework
• Communication
− Poor customer service
− Daily operational issues
April 20, 2010 12

13. Phases of Outsourcing Relationship
Ongoing
Analysis Initiation Delivery Completion
For outsourcing organisation
For both outsourcing organisation and service provider
April 20, 2010 13

14. Phases of Outsourcing Relationship
Phase Outsourcing Organisation Service Provider
Analysis Analyse operations and functions to
identify those services, processes or
functions that could potentially be
outsourced and develops the approach
to be taken to source the identified
opportunities
Initiation Prepare for and transition to provision Prepare for and transition to provision of
of service service
Delivery Provide service and manage and Provide service and manage and measure its
measure its provision provision
Completion Close-out the service after the contract Close-out the service after the contract ends
ends or the service has been terminated or the service has been terminated
Ongoing Management of outsourcing lifecycle Management of outsourcing lifecycle
April 20, 2010 14

15. Roles of Service Provider and Outsourcing Organisation
During Phases of Outsourcing Relationship
Service Provider Outsourcing Organisation
Determine if outsourcing represents a business
Analysis opportunity
Plan for outsourcing of selected services, evaluate and
Prepare for service transition, transfer resources and
select a service provider, create an outsourcing
Initiation personnel from outsourcing organisation and ensure
agreement and transfer resources and personnel to
service continuity
service provider
Implement the capability to manage the service
Define and agree requirements, negotiate contract, provider, administer the agreement and the issues,
Delivery plan, design and deploy service, implement service challenges and changes that arise after the agreement
delivery has been reached, reviewing the service provider’s
performance
Implement knowledge management processes, Develop outsourcing strategy management, manage
perform people management, implement relationship with service provider, ensure value,
Ongoing performance management, manage relationship, implement knowledge management processes,
manage technology and manage risks and threats manage technology and manage risks and threats
Prepare for service transition, transfer resources and Plan for completion, ensure service continuity,
Completion personnel from outsourcing organisation and ensure transfer resources and personnel from outsourcing
service continuity organisation and transfer knowledge
April 20, 2010 15

16. Roles of Service Provider and Outsourcing Organisation
During Phases of Outsourcing Relationship
Common
Language
Service Provider
and
Expectations
Analysis Initiation Delivery Ongoing Completion
Agreed Roles
and Outsourcing Organisation
Responsibilities
April 20, 2010 16

17. Key Capabilities and Constituent Practices
• Idealised set of steps for a service provider and end-user
organisations and outsourcing organisation to perform
when taking on a new outsourcing service
• Provides a detailed checklist of work to be done
• Each practices contains a set of activities and tasks
• Can be modified to suit the circumstances: scope of
outsourcing, size of service, duration of contract
• Can forms the basis of a project plan for elements of
outsourcing work such as initiation
• Reduces risk of failure
April 20, 2010 17

18. Key Capabilities Within Outsourcing Lifecycle for
Service Providers
People Performance Relationship Technology
Management Management Management Management
Knowledge Threat
Management Ongoing Management
Initiation Delivery Completion
Service Design
Service Service Service
Contracting and
Transfer Delivery Transfer
Deployment
April 20, 2010 18

19. Key Capabilities Within Outsourcing Lifecycle for
End-User Organisations
Outsourcing Organisational
Governance Relationship Value
Strategy Change
Management Management Management
Management Management
Technology People
Management Management
Ongoing
Threat Knowledge
Management Management
Analysis Initiation Delivery Completion
Outsourcing
Opportunity
Analysis
Outsourcing Outsourcing Outsourcing
Planning Agreements Completion
Outsourcing
Approach Service Sourced
Service
Provider Services
Transfer
Evaluation Management
April 20, 2010 19

20. Key Capabilities Within Outsourcing Lifecycle for
Service Providers and End-User Organisations
Outsourcing
Capabilities
and Skills
Analysis Initiation Delivery Ongoing Completion
Outsourcing Outsourcing Service Outsourcing Service Outsourcing Service Outsourcing Service
Organisation Organisation Provider Organisation Provider Organisation Provider Organisation Provider
Outsourcing Sourced Outsourcing
Outsourcing Service Knowledge Outsourcing Service
Opportunity Services Contracting Strategy
Planning Transfer Management Completion Transfer
Analysis Management Management
Service Service Design
Outsourcing Governance People
Provider and
Approach Management Management
Evaluation Deployment
Outsourcing Service Relationship Performance
Agreements Delivery Management Management
Service Value Relationship
Transfer Management Management
Organisational
Technology
Change
Management
Management
People Threat
Management Management
Knowledge
Management
Technology
Management
Threat
Management
April 20, 2010 20

21. Key Capabilities and Constituent Practices for
Outsourcing
Service Providers Capabilities
and Skills
Initiation/
Delivery Ongoing
Completion
3 Service
1 Service 4 Service 5 Knowledge 6 People 7 Performance 8 Relationship 9 Technology 10 Threat
2 Contracting Design and
Transfer Delivery Management Management Management Management Management Management
Deployment
3.1 4.1 Plan 7.1
1.1 Resources 2.1 5.1 Share 6.1 Encourage 8.1 Client 9.1 Acquire 10.1 Risk
Communicate Service Engagement
Transferred In Negotiations Knowledge Innovation Interactions Technology Management
Requirements Delivery Objectives
5.2 Provide 6.2 8.2 Select 10.2
1.2 Personnel 3.2 Design and 4.2 Train 7.2 Verify 9.2 Technology
2.2 Pricing Required Participation Suppliers and Engagement
Transferred In Deploy Service Clients Processes Licenses
Information# in Decisions Partners Risk
2.3 Confirm 3.3 Plan Design 8.3 Manage 10.3 Risk
1.3 Service 4.3 Deliver 5.3 Knowledge 6.3 Work 7.3 Adequate 9.3 Control
Existing and Suppliers and Across
Continuity Service System Environment Resources Technology
Conditions Deployment Partners Engagements
1.4 Resources 4.4 Verify 6.4 Assign 7.4
2.4 Market 3.4 Service 5.4 Process 9.4 Technology
Transferred Service Responsibilitie Organisational 8.4 Cultural Fit 10.4 Security
Information Specification Assets Integration
Out Commitments s Objectives
1.5 Personnel 5.5 7.5 Review 8.5 10.5
2.5 Plan 3.5 Service 4.5 Correct 6.5 Define 9.5 Optimise
Transferred Engagement Organisational Stakeholder Intellectual
Negotiations Design Problems Roles Technology
Out Knowledge Performance Information Property
1.6 Knowledge 4.6 Prevent 9.6 Proactively 10.6 Statutory
2.6 Gather 3.6 Design 6.6 Workforce 7.6 Make 8.6 Client
Transferred Known 5.6 Reuse Introduce and Regulatory
Requirements Feedback Competencies Improvements Relationships
Out Problems Technology Compliance
5.7 Version 6.7 Plan and 7.7 Achieve 8.7 Supplier
2.7 Review 3.7 Verify 4.7 Service 10.7 Disaster
and Change Deliver Organisational and Partner
Requirements Design Modifications Recovery
Control Training Objectives Relationships
6.8 Plan and
2.8 Respond to 3.8 Deploy 4.8 Financial 5.8 Resource 7.8 Capability 8.8 Value
Deliver
Requirements Service Management Consumption Baselines Creation
Training
6.9
2.9 Contract
Performance 7.9 Benchmark
Roles
Feedback
6.10 7.10 Prevent
2.10 Create
Performance Potential
Contracts
Feedback Problems
2.11 Amend 7.11 Deploy
6.11 Rewards
Contracts Innovations
April 20, 2010 21

22. Key Capabilities and Constituent Practices for End-
User Organisations - 1 Outsourcing
Capabilities and
Skills
Analysis Phase Initiation Phase Delivery Phase Completion Phase
1 Outsourcing
2 Outsourcing 3 Outsourcing 4 Service Provider 5 Outsourcing 7 Sourced Services 8 Outsourcing
Opportunity 6 Service Transfer
Approach Planning Evaluation Agreements Management Completion
Analysis
3.1 Establish 7.1 Perform
1.1 Define Current 2.1 Outsourcing 4.1 Communicate 5.1 Negotiations 6.1 Service 8.1 Completion
Outsourcing Outsourcing
State Approach Requirements Guidelines Transition Planning
Project Management
4.2 Evaluate
1.2 Outsourcing 3.2 Service 5.2 Confirm 7.2 Performance 8.2 Service
2.2 Business Case Potential Service 6.2 Verify Design
Criteria Definition Existing Conditions Monitoring Continuity
Providers
3.3 Service 4.3 Select 8.3 Resources
1.3 Demand 2.3 Governance 6.3 Resources 7.3 Financial
Provider Selection Candidate Service 5.3 Negotiations Transfer from
Identification Model Transferred Out Management
Procedures Providers Service Provider
8.4 Personnel
1.4 Outsourcing 2.4 Impact and 3.4 Evaluation 5.4 Agreement 6.4 Personnel 7.4 Agreement
Transfer from
Options Risk Analysis Criteria Roles Transferred Out Management
Service Provider
3.5 Prepare 7.5 Problem and 8.5 Knowledge
2.5 Outsourcing 5.5 Define SLAs 6.5 Knowledge
Service Incident Transfer from
Initiation Decision and Measures Transferred Out
Requirements Monitoring Service Provider
7.6 Service
5.6 Create
Delivery Change
Agreements
Management
5.7 Amend 7.7 Service Change
Agreements Management
7.8 Review Service
Performance
7.9 Stakeholder
Feedback
7.10 Service Value
Analysis
7.11 Continuation
Decision
April 20, 2010 22

23. Key Capabilities and Constituent Practices for End-
User Organisations - 2 Outsourcing
Capabilities and
Skills
Ongoing Phase
Competency
Governance Environment
and Change
Focused Focused
Focused
13
9 Outsourcing
10 Governance 11 Relationship 12 Value Organisational 14 People 15 Knowledge 16 Technology 17 Threat
Strategy
Management Management Management Change Management Management Management Management
Management
Management
12.1 17.1
10.1 11.1 Service 13.1 Prepare for 14.1 Assign 15.1 Provide
9.1 Outsourcing Organisational 16.1 Asset Outsourcing
Outsourcing Provider Organisational Outsourcing Required
Sponsorship Outsourcing Management Risk
Policy Interactions Change Responsibilities Information
Performance Management
17.2
10.2 Service 11.2 Service 13.2
9.2 Outsourcing 12.2 Capability 14.2 Personnel 15.2 Knowledge 16.2 License Organisational
Provider Provider Stakeholder
Constraints Baselines Competencies System Management Risk
Management Relationships Involvement
Management
14.3
9.3 Potential 10.3 Internal 12.3 Benchmark
11.3 Internal 13.3 Define Organisational 15.3 Market 16.3 Technology 17.3 Intellectual
Outsourcing Stakeholder Outsourcing
Relationships Future State Outsourcing Information Integration Property
Areas Management Processes
Competency
10.4 Defined 12.4 Improve 13.4 Human
9.4 Outsourcing 11.4 Issue 14.4 Define 15.4 Lessons 17.4 Security
Outsourcing Outsourcing Resource
Objectives Management Roles Learned and Privacy
Processes Processes Changes
9.5 13.5
10.5 Align
Organisational Communicate 15.5 Share
Strategy and 11.5 Cultural Fit 12.5 Innovation 17.5 Compliance
Outsourcing Organisational Knowledge
Architectures
Strategy Changes
10.6 Business 11.6 12.6 Business 13.6
17.6 Business
Process Collaborative Value and Organisational
Continuity
Integration Relationships Impact Change
12.7
10.7 Adapt to 11.7 Innovative
Outsourcing
Business Change Relationships
Alignment
April 20, 2010 23

24. Analysis Phase
• Service Provider
• Concerned with analysing operations and
functions to identify those services,
processes, or functions that could
potentially be outsourced
− Understanding the current, or as-is, state of
the client organisation’s structure and
processes
− Identifying the relevant criteria for selecting
outsourcing opportunities
− Identifying outsourcing opportunities to
meet outsourcing objectives and criteria
− Organising options for outsourcing
− Developing and validating the Business Case
for each outsourcing option
− Identifying the outsourcing approach and
governance model for the proposed
outsourcing action
− Performing impact and risk analyses of the
proposed outsourcing action
− Making the decision whether or not to
source the proposed outsourcing action
April 20, 2010 24

25. Initiation Phase
• Service Provider • End-User Organisation
• Concerned with preparation for and initiation of • Concerned with preparation for and initiation of
service delivery managing outsourced services
− Gather requirements − Preparing for service selection by developing the
− Perform due diligence to validate customer solicitation and criteria for selection
information − Soliciting and evaluating potential service
− Assess if and how the requirements can be met providers
− Prepare for negotiation − Preparing for negotiation by having an
− Negotiate and sign contract organisational position on cost, quality and other
topics that need to be negotiated
− Confirm assumptions − Defining the formal service level agreements and
− Confirm responsibilities and commitments service provider performance measures
− Design the service − Understanding service provider’s capabilities by
− Review the service design gathering information about the service provider
− Create service specification and confirming the assumptions that impact
commitments
− Deploy the service
− Establishing a formal agreement with service
− Transfer resources - personnel, technology, providers that clearly articulates the clients’ and
infrastructure, applications service provider’s responsibilities and
− Transition of service commitments
− Providing feedback on the service design in order
to ensure that the services are meeting the
client’s requirements and the agreed-upon
commitments
− Managing the effective transfer of resources
needed for service delivery, including personnel,
technology infrastructure and work environment
April 20, 2010 25

26. Delivery Phase
• Service Provider • End-User Organisation
• Concerned with service delivery including • Concerned with monitoring the service
management of service delivery, verification provider’s service delivery capabilities, including
that commitments are being met and the ongoing monitoring of service provider
management of costs associated with the performance to verify that commitments are
service provision being met, monitoring changes, management of
− Planning and tracking the service delivery the finances and agreements associated with
activities the service provision, fostering realistic
− Delivering services according to the agreed expectations and performing value analysis
commitments − Planning and tracking the outsourcing
− Managing the finances associated with the service management activities
delivery − Ensuring that services are delivered according to
− Identifying and controlling modifications to the the agreed-upon commitments
services being provided − Managing the finances associated with the service
− Identifying and controlling modifications to delivery
associated service commitments − Identifying and controlling modifications to the
− Identifying problems that impact the service services being provided or to the associated
delivery and taking both preventive and service commitments
corrective actions − Facilitating problem resolution for problems that
impact the service delivery
− Reconciling performance against expectations and
ensuring that the service provision returns value
to the client organisation
April 20, 2010 26

27. Ongoing Phase
• Service Provider • End-User Organisation
• Management functions that need to • Management functions that need to
be performed during the entire be performed during the entire
outsourcing lifecycle outsourcing lifecycle
− Manage and motivate personnel to − Manage and motivate personnel to
effectively deliver services effectively deliver services
− Manage relationships with clients, − Manage relationships with clients,
suppliers and business partners suppliers and business partners
− Measure and review the organisation’s − Measure and review the organisation’s
performance and taking action to performance and taking action to
improve it improve it
− Manage information and knowledge − Manage information and knowledge
systems so that personnel have access systems so that personnel have access
to the knowledge needed to to the knowledge needed to
effectively perform their work effectively perform their work
− Identify and control threats to the − Identify and control threats to the
organisation’s ability to meet its organisation’s ability to meet its
objectives and client requirements objectives and client requirements
− Manage the technology, systems and − Manage the technology, systems and
applications infrastructure used to applications infrastructure used to
support delivery of service support delivery of service
April 20, 2010 27

28. Completion Phase
• Service Provider • End-User Organisation
• Concerned with closing down the • Concerned with closing down the
engagement at the end of the outsourcing engagement at the end of the outsourcing
lifecycle lifecycle
− Manage the transfer of resources to the − Planning for closing down a outsourced
new service provider, whether it is to the service and managing the agreement during
client or to another service provider the close-down period including managing
− Ensure service continuity during transfer the agreement during termination
− Identify and transferring the knowledge proceedings, during renewal, or during
critical for the delivery of service normal completion
− Managing the transfer of resources to the
new service provider, whether it is to back
to the organisation or to another service
provider including the potential transfer of
people, technology infrastructure and
intellectual property
− Ensuring service continuity during the
transfer of responsibilities for service
provision
− Identifying and transferring the knowledge
capital critical for the delivery of service
April 20, 2010 28

29. Sample Activities by Service Provider and End-User
Organisation – Threat Management in Ongoing Phase
Ongoing Phase
Threat Management
Service Provider End-User Organisation
Risk Management Outsourcing Risk Management
Engagement Risk Organisational Risk Management
Risk Across Engagements Intellectual Property
Security Security and Privacy
Intellectual Property Compliance
Statutory and Regulatory Compliance Business Continuity
Disaster Recovery
April 20, 2010 29

30. Threat Management - Risk Management
• Service Provider • End-User Organisation
• Risk Management • Outsourcing Risk Management
• Scope • Scope
− Establish and implement a policy on risk − Establish and implement procedures to identify,
management assess and manage outsourcing risks
• Activities − Effective risk management is particularly critical in
the early stages of a outsourcing initiative, where
− Provide support for creating and maintaining a requirements are being organised and service is
policy for managing risk being designed to meet those requirements
− Document and implement a policy for managing − Problems encountered here can impact the
risk success of service delivery and associated
− Support the implementation of a policy for business benefits throughout the life of the
managing risk initiative.
• Activities
− Provide support for creating and maintaining the
procedures for identifying, assessing and
managing outsourcing risks
− Document and implement the procedures
required for identifying, assessing and managing
outsourcing risks
− Support the implementation of identifying,
assessing and managing outsourcing risks
April 20, 2010 30

31. Threat Management - Risk Management
• Service Provider • End-User Organisation
• Engagement Risk • Organisational Risk Management
• Scope • Scope
− Identify, assess and manage risks specific to the − Establish and implement procedures to manage
client engagement risks across multiple outsourced services and
service providers
• Activities − Effective identification and assessment of risks
− Provide support for creating and maintaining the enables the client organisation to take mitigating
work products and tasks for identifying, assessing actions to lower the impact should a risk event
and managing engagement-specific risks occur
− Document and implement the work products and − Effective risk management improves the
activities required to identify, assess and manage stakeholders’ confidence in the client
engagement-specific risks organisation’s ability to maintain needed services
− Support the implementation of identifying, and service levels
assessing and managing engagement-specific risks
• Activities
− Provide support for creating and maintaining the
procedures for managing risks across multiple
outsourced services and service providers
− Document and implement the procedures
required for managing risks across multiple
outsourced services and service providers
− Support the implementation of managing risks
across multiple outsourced services and service
providers
April 20, 2010 31

32. Threat Management - Risk Management
• Service Provider
• Risk Across Engagements
• Scope
− Establish and implement procedures
to manage risks across client
engagements
• Activities
− Provide support for creating and
maintaining the procedures for
managing risks across client
engagements
− Document and implement the
procedures for managing risks across
client engagements
− Support the implementation of the
procedures for managing risks across
client engagements
April 20, 2010 32

33. Threat Management - Security and Privacy
• Service Provider • End-User Organisation
• Security • Security and Privacy
• Scope • Scope
− Establish and implement procedures to meet − Establish and implement procedures to meet
security requirements security and privacy requirements
• Activities − Breakdowns, such as security breaches, can
impact the client organisation’s ability to provide
− Provide support for creating and maintaining the business continuity, thereby damaging the
procedures for meeting security requirements relationship and making the involved parties
− Document and implement the procedures for vulnerable to legal action
meeting security requirements − Effective security is essential for meeting privacy
− Support the implementation of the procedures for requirements and protecting intellectual property
meeting security requirements − Security requirements may come from the client
organisation or statutes and regulations
governing the service being delivered
• Activities
− Provide support for creating and maintaining the
procedures for meeting security and privacy
requirements
− Document and implement the procedures
required for meeting security and privacy
requirements
− Support the implementation of meeting security
and privacy requirements
April 20, 2010 33

34. Threat Management - Intellectual Property
• Service Provider • End-User Organisation
• Intellectual Property • Intellectual Property
• Scope • Scope
− Establish and implement procedures to protect − Establish and implement procedures to protect
the intellectual property of stakeholders the intellectual property of stakeholders
• Activities − Inappropriate use or disclosure of intellectual
property can damage the relationship with
− Provide support for creating and maintaining the stakeholders, may cause financial loss and make
procedures for protecting the intellectual the client organisation vulnerable to disputes or
property of stakeholders legal action
− Document and implement the procedures for − Organisation should have a formalised policy on
protecting the intellectual property of the protection of intellectual property that is used
stakeholders to provide direction for creating the procedures
− Support the implementation of the procedures for on protection of intellectual property
protecting the intellectual property of
stakeholders • Activities
− Provide support for creating and maintaining the
procedures for protecting the intellectual
property of stakeholders
− Document and implement the procedures
required for protecting the intellectual property
of stakeholders
− Support the implementation of protecting the
intellectual property of stakeholders
April 20, 2010 34

35. Threat Management - Compliance
• Service Provider • End-User Organisation
• Statutory and Regulatory Compliance • Compliance
• Scope • Scope
− Establish and implement procedures to comply − Establish and implement procedures to comply
with statutory and regulatory requirements with applicable standards and statutory and
regulatory requirements
• Activities − Client organisation must implement procedures
− Provide support for creating and maintaining the to address governance, risk and compliance
procedures for statutory and regulatory − Procedures ensure that they comply with
compliance standards, statutes and regulations that impact
− Document and implement the procedures for their outsourcing capability and their outsourced
statutory and regulatory compliance services in order to meet statutory, regulatory
− Support the implementation of the procedures for and stakeholder requirements and to avoid
statutory and regulatory compliance stakeholder dissatisfaction and legal or audit
issues
• Activities
− Provide support for creating and maintaining the
procedures for complying with applicable
standards and statutory and regulatory
requirements
− Document and implement the procedures
required for complying with applicable standards
and statutory and regulatory requirements
− Support the implementation of complying with
applicable standards and statutory and regulatory
requirements
April 20, 2010 35

36. Threat Management - Disaster Recovery and
Business Continuity
• Service Provider • End-User Organisation
• Disaster Recovery • Business Continuity
• Scope • Scope
− Establish and implement disaster recovery − Establish and implement procedures to ensure
procedures business continuity of outsourced services
• Activities − Prepare for possible disasters in order to minimise
their impact on the client organisation’s ability to
− Provide support for creating and maintaining the continue business activities
procedures for disaster recovery − Preparation covers service delivery, security, the
− Document and implement the procedures for protection of intellectual property, crisis
disaster recovery management and the safety of personnel and
− Support the implementation of the procedures for promotes confidence in the client organisation’s
disaster recovery and service providers’ ability to react effectively
to adverse situations
• Activities
− Provide support for creating and maintaining the
procedures for ensuring business continuity of
outsourced services
− Document and implement the procedures
required for ensuring business continuity of
outsourced services
− Support the implementation of ensuring business
continuity of outsourced services
April 20, 2010 36

37. Benefits of Structured Approach
• Service Provider • End-User Organisation
• Minimises problems • Provides structured approach to
• Provides common language evaluating and adopting outsourcing
• Provides common understanding of • Demonstrates due diligence in
roles and responsibilities selecting outsourcing partner
• Provides mechanism for resolving • Provides common understanding of
issues roles and responsibilities
• Know what is expected and what • Provides mechanism for resolving
should be done issues
• Knows service to be provided and
measures delivery
April 20, 2010 37

38. Summary
• Outsourcing experiences and implementations has been
poor
• A structured approach to implementing outsourcing
arrangements by both providers and end-users can enable
effective outsourcing
• A common language and a common understanding of roles
and responsibilities will reduce problems and assist in
issue resolution
April 20, 2010 38

39. More Information
Alan McSweeney
alan@alanmcsweeney.com
April 20, 2010 39