21 November 2016Outsourced your IT? It’s still down to you to protect your data
While outsourcing your IT services is a great way to get experienced IT staff at an attractive price, it doesn’t mean you get to pass on the responsibility for your data security.In fact, outsourcing your IT creates a whole new range of pitfalls to be aware of.
Why outsource in the first place?
We are finding new ways to use applications and devices to improve our personal and business lives. In the digital age with technology advancing at a daily rate, businesses whose core activities are not IT may not want to spend money on costly technology and processes which start to depreciate in value from the moment of purchase.
In addition there are costs to manage, maintain and secure the systems and to train and retain staff, so it is understandable why an organisation would look to outsource to a third party supplier. A business can free up costs to focus on their core activities rather than tie up costs with IT infrastructure. Plus capacity can quickly be added or removed depending on the demands of business, especially if it is a seasonal one. However it is also important to select your outsourced service provider carefully. You should compare the market by differentiating their service from other, similar providers. This will ensure that you are getting the best possible value for money as well as a competitive service.
However if you are thinking about making this step or have already done so, it is important to understand that there are risks involved. By contracting to a third party supplier you are not outsourcing these risks and you are as accountable as if you were operating your own system.
Don’t forget to protect your data.
The belief that by outsourcing one of the most critical parts of your business operations you free yourself from security responsibilities and can pass any liability to a third party is misguided. This is something which the Information Commissioners Office (ICO) constantly reminds businesses about. You should make sure you draw up a clear data protection policy for your business and the third-party company to follow and have a plan in place for if things go wrong.
Watch out for these terms.
Once you’ve decided on a provider, it’s time to scrutinise the contract. Your supplier will ask you to sign their terms and conditions before providing you with a service, protecting them should anything go wrong. You should check the T&Cs carefully to make sure you are clear on your exposures and responsibilities. Look out for these clauses because if you aren’t careful, they could pin the liability for any mishaps on you.
- Avoid auto-renewal:whilst you may agree an initial term for services, suppliers will often seek to include an automatic extension right to the services unless you formally give notice of termination within a period of time before what you think is the end of the contract. This can sometimes be several months ahead of the contract end date, well before you are even thinking about what you should be doing next.
- Liability under contract: a third party IT supplier may seek to limit their exposure to negligence to the value of the contract or a very low amount - whichever is less. This could limit any recovery you could make against your supplier should they lose your - or your clients’ - data and you are the subsequent recipient of a fine or legal case.
- No responsibility for data: most data centres will make it clear they do not accept responsibility for client data outside of their own negligence. If data is therefore lost, destroyed or corrupted it will be your responsibility and your bottom line that is affected.
Top tips for successful outsourcing
- Make sure you have strong security policies in place
Draw up data protection, privacy and intellectual property policies and make sure these are carried out. These policies should distinguish between sensitive and common data and outline how both are treated. You should also have a plan of action in case of a data breach. Each policy should have clear guidelines, making it easier to enforce.
- Communication is key
Effective outsourcing depends on an open dialogue between the business and the third-party. When setting up with your provider, you should clearly state how often and how you will communicate and stick to it. Be specific about what you expect to achieve and it will be easier for the provider to deliver.
- Where are your services coming from?
While cost is often a key factor in choosing to outsource, you should also factor in location, time zone differences and any potential language barrier. Overseas companies may also be subject to different privacy regulations or laws, adding an additional layer of complexity that providers in your own country won’t have.
- Limit data access
It may seem common sense, but you do not have to share all the data you collect with your third-party provider. By limiting their access to only the relevant parts, it will reduce the amount of people with access to your data and reduce the risk of it being compromised.
- Audit, review and revise
The IT industry is constantly changing, and your security policies will need to be able to keep up. You should carry out regular audits of your database and network security. By identifying potential issues before they happen, you can ensure your security policies remain relevant.
To find out more about our modular recruitment insurance solution and request a call back, please visit our website