IT Security and Compliance Seen Key in Outsourcing Relationships

Experience, trust and vigilance must be priorities in selecting service providers, CSC exec says

Experience, trust and vigilance must be priorities in selecting service providers, CSC exec says

El Segundo, CA — April 8, 2005 — In an era of increased accountability, companies that outsource some portion of their internal processes have to be more alert than ever in securing partners who provide deep expertise in information technology (IT) security and compliance monitoring, advised Russ Owen, president of Global Infrastructure Services (GIS) for Computer Sciences Corporation, speaking at a conference on outsourcing this week.

Owen, along with other industry executives at the Gartner Outsourcing Summit held in Los Angeles April 4-6, participated in a keynote panel session that addressed sourcing and security compliance.

"The relationship between the company and outsourcer is more than a contract; it's a marriage," he said. "Trust is essential." Other characteristics he cited include cultural compatibility, communication, openness and the flexibility to adjust to change both as a result of business change and new compliance legislation. "The customer needs complete visibility, and the process must be collaborative with a shared risk management approach," he added.

Owen said companies considering outsourcing should begin by getting a clear picture of the service provider's experience and capabilities. "You want excellent depth of systems management experience, lots of protective security layers and outstanding forensics capabilities," he said. "A perimeter defense won't save you. The approach must be multi-layered and regularly tested."

In addition, Owen stressed vigilance on the part of the outsourcer. "There must be thorough and proactive monitoring and detection for both the physical and technical environments, coupled with continual refresh of policies and processes."

When the panel was asked how service providers cope with security and compliance on a global basis, Owen stressed consistency, regardless of location. "We've implemented a horizontal approach," he said. "To ensure consistency around the world, we've incorporated regional and industry best practices into our global model. Additionally, we can layer on strict regional requirements. For example, employee privacy requirements are very stringent in Europe — similar to HIPAA in the U.S. — and the U.S. has strict accounting standards through such legislation as Sarbanes-Oxley. We have to be able to adhere to these standards globally to ensure consistency."

While efforts regarding compliance are consuming considerable time and resources, they bring an important benefit, said Owen. "Clients are thinking end to end — some for the first time. This often results in reduced costs and increased efficiency. For example, a client will think they have 13 payroll systems. Through global compliance audits, we discover there are actually 27. This realization prompts the client to accelerate consolidation efforts to standard platforms as the most efficient means of maintaining compliance."

As president of GIS, Owen is responsible for the global technology infrastructure that supports the company's worldwide outsourcing client base and CSC's internal operations. He joined CSC in 1992 from General Dynamics.

Founded in 1959, Computer Sciences Corporation is a global IT services company.

Additional Articles of Interest

For more information on procurement business process outsourcing (BPO), see the following articles: