The Eight Steps to Good Co-Sourcing Governance

From a governance perspective, any co-sourcing or outsourcing contract can only outsource the function, not the responsibility. Any organisation that works with third parties to provide functions needs to have a vendor management system in place. This doesn’t have to be overkill, but ensure that you have regular vendor meetings, document the meetings and hold the vendor to account against the contract and the service levels that the contract documents.

Good Supplier Security

Learn Target’s Lessons. If the Target breach taught us anything, it is that vendors are a threat vector. Choose your vendors well, and ensure that they are following and meeting your security standards/expectations.

Key Points

• Security should be part of your vendor selection criteria
• Security should be part of your vendor contract
• Brief your vendors on your security standards and expectations
• Take your vendors through your security awareness training
• If your vendors or the services they provide are part of your BCP or incident response capability, ensure they have this information

8 Steps to Cybersecurity – A Whole Company Issue

Cybersecurity is the responsibility of the whole company. No matter how good, efficient or effective, no single part of the company can secure the whole company alone. That is a key point. Ensure your small security teams are engaging with the rest of the organisation. Running regular cybersecurity awareness training can protect your staff both at work and at home.

That concludes this series of blogs on how businesses can magnify their cyber resources and flex up or down according to their requirements, and on the beauty of co-sourcing arrangements. The key points from this series are:

1. Cybersecurity is an evolving and maturing threat.
2. Magnify your resources using technology and co-sourcing.
3. Organisations’ security teams often don’t have the bandwidth or expertise; a different approach is needed.
4. Pick the right partner for your organisation.
5. Choose the right functions to seek help with.
6. Maintain good governance, outsource function not responsibility.
7. Ensure your suppliers and partners maintain your security.
8. Ensure that the whole organisation is working together to mitigate the vulnerabilities.

The key message is that co-sourcing is the way to go. It provides organisations with greater flexibility, better cost control and access to a greater breadth of knowledge and resources than any of the other models, whether that is hiring full-time or part-time employees.

The co-sourcing model, however, is about getting close to an organisation, working closely with existing employees, and supplementing and magnifying their capabilities. Consulting arrangements are ideal for a specific project (say, the introduction of new software in a business); co-sourcing allows both parties to go further, though, allowing strategic initiatives to be implemented. Critically, co-sourcing means forming a partnership that seeks to augment your organisation’s existing capability and bandwidth.

Darren Wray