Outsourcing Software Team
Micky Hackins
"Use your time to improve your process..."

While offshoring is associated with high security risks, the threat of confidential data loss can be reduced.

Opponents of software outsourcing like to stress the insecurity of outsourcing projects, among other disadvantages and risks of the activity. Given that software development projects are often outsourced to less developed countries, and that such projects also involve storing and transferring sensitive data, they are correct in arguing that.

Since everyone has acknowledged that software outsourcing is here to stay, there have been many legislative initiatives in many US states aimed at decreasing this threat. In 2002–2004, the legislative bodies of many states issued acts which, in general, imposed an obligation to get permission from the authorities before transferring confidential data to offshore service providers. To get such permission, an outsourcer has to prove the provider's reliability.

Certainly, sending your secure data to an offshore programming team is a high risk. This risk has many aspects, which can be categorized into technical, human and legal risks. Technical risks are caused by the use of outdated equipment and processes which can be hacked. Another risk of outdated facilities is the probability of information loss due to various faults.

The human aspect covers the reliability of the programming team you send your data to. In software outsourcing projects you have neither physical nor psychological control over the people involved in the software development process, so you cannot be sure that your data or pieces of code are not sold to competitors or fraudsters. Many offshore software development companies prohibit employees from entering the office with any kind of digital recording device. This really helps to prevent unauthorized use of confidential and proprietary data.

The legal aspect exists because many software outsourcing countries still have poor legislation in the field of privacy and data protection.

However, these risks are not fatal. Software outsourcing will survive because there are methods that help to decrease and eliminate the majority of security threats. Professional onshore security management is a solution.

A pre-contractual audit is a vital activity when outsourcing software development projects. You can either do it yourself or hire third-party professionals. The audit must include checking the vendor's processes and procedures as well as testing the key equipment which will be used in your software development project. International certifications (like CMMI) are an advantage, but they do not guarantee a company's reliability. Only your independent review and testing can assure that everything is done just as it is written in the vendor's policies and other documents.

When contracting, the SLA must cover all aspects of your co-operation with the programming team. It must cover all your security needs, including requirements for data storage and transfer, regular data backup and documentation, and references to the legislative acts (of your country, the provider's country and international law) which must be used in case of violation.

These activities, together with a small onshore management team or a single person responsible for permanent monitoring of the outsourced software development project, really help to prevent the majority of security risks associated with sending sensitive data to offshore teams.

Released online: 8/13/2007

 
