How Secure Is Your BPO Partner?

Business process outsourcing (BPO) has grown up. These days it’s a well-respected strategy for organisations looking to do more with less.

Understanding the case for outsourcing isn’t the same as picking a BPO partner, of course. There are literally thousands of suppliers of all shapes and sizes; how do you know which is the right one for your organisation?

We reckon it’s worth testing three areas when considering a potential outsourcing partner. The answers will go a long way to helping you pick the right supplier. I’ll look at each area in a series of posts, starting with a biggie: security.

Security matters in outsourcing because your intended outsourcing partner will almost certainly have access to confidential data such as customer IDs, internal directories, price lists and staff contacts. In many cases, BPO partners will also have access to, say, your IT helpdesk ticket platform or some other internal system.

That means you’ll need confidence that your data is in safe hands. You can test for that confidence with questions like these:

• Ask first about the supplier’s “security hygiene”. Just how disciplined is it with standard security protocols like updating software patches and with regular password refreshes? And how prepared is it if a patch introduces fresh problems and needs to be rolled back?
• Ask for the supplier’s cybersecurity precautions. Does it, for example, run firewalls and does it maintain up to date whitelists and blacklists?
• Can it audit your personal computers and its own every month for software licensing?
• What security levels does the supplier run on its own enterprise apps?
• Ask about the supplier’s staff. Are they subject to background checks before they’re hired? What training do they receive in the apps they’ll use on your behalf? How much experience will they have before they can work on your account?
• Probe for the supplier’s workplace security policy. Is it documented and, if so, does it cover everything from acceptable use to change management and remote access?

Some of these areas might sound routine but you’d be surprised how often the security basics don’t get done. At DSS we treat them all as baselines and we very often find that our security practices are more thorough and more consistently applied than our customers’.

There’s more to the security story. I’ll cover security compliance, infrastructure security and other areas in a subsequent post, and then move on to the other two topics you should discuss with a potential partner: cost models and what you might call bridging the language divide. In the meantime, we’re always ready to talk about making outsourcing work for you. Drop me a note anytime.

 

Anthony Moore

Client Delivery Director