Outsourcing of business continuity and Information security – which is the bigger risk?

Outsourcing is prevalent among nearly all facets of business in today’s world, from customer acquisition to marketing to employee training services. However, the two most difficult, and most dangerous, tasks to outsource remain the same across industries: business continuity planning and information security.

Business continuity planning is essentially the work associated with determining the risks and hazards that accompany any venture, and providing a workable plan for overcoming difficulties that may emerge during the life of a business. These hazards might include a lack of usable resources, a lack of qualified or able employees, litigation, hacking or denial of service attacks, vandalism, or natural disasters. Proper continuity planning addresses these potential risks, along with many others, and provides a roadmap for continuing operations in the face of each of them.

Information security is an easier to understand concept, and consists of the management of confidential or sensitive information, such as credit card information or private customer data, and safeguarding that data against intrusion or attack.

All outsourced solutions require both continuity planning and information security at both the point of origin and receipt ”“ this is obvious. However, which is the larger risk? For instance, if an American computer company outsources a helpdesk operation to a remote agency in India, is there a larger danger from potential intrusion and loss of data, or from a potential degradation of business continuity? While this might seem like an academic distinction ”“ both compromised data security and loss of continuity can easily lead to insolvency ”“ determining which of the two carries a larger potential danger gives the outsourcing company the ability to prioritize resources appropriately.

Solving this dilemma requires comparing catastrophic failures of both services.

In the event of a completely compromised network and the loss of security over customer data ”“ including contact, credit card, and email address information ”“ the negative results are dire indeed. However, many companies in multiple industries have experienced compromised customer information and still managed to regain their footing. While customer activity may drop in the short term, bolstered information security can actually become a selling point to future clients.

Conversely, should continuity of service fail, the client company is faced with a massive service shortfall that could quickly produce a complete halt in business operations. Without the manpower to properly provide service, many companies would grind to a stop overnight, and restarting the corporate engine would require an entirely new outsourcing contract with an entirely new agency ”“ something that might take weeks or months to implement.

For this reason, continuity should always be the chief concern in any outsourcing endeavor. While information security is still crucial, and a compromised network can be excruciatingly difficult to repair, the inability to provide essential services to customers means the end of business operations. Since continuity represents the larger potential loss, it also represents the larger risk. Agencies that provide outsourcing services, as well as companies looking to outsource jobs, would be well served to remain fully aware of the primacy of business continuity.

– Data Czar @ DEO