sis_v0.1
TRANSCRIPT
-
8/7/2019 SIS_v0.1
1/7
Assignment 1 (a)
Strategic Systems
Strategic Systems in Essilor (System Thinking)
Flow of information
Stakeholders involved
Assingment1 (b)
Data Protection laws (Investigation)
How it is affecting flow of data in the organization (or country of your organization)
What steps are taken by your organization about data protection laws?
-
8/7/2019 SIS_v0.1
2/7
Assignment2 (a)
Critically evaluate any consequences of poor data protection on any current or future outsourcing
activities that your organization is or may be engaged in.
Data Extracts from Files
As the outsourcing of software development becomes more widespread, organizations must take efforts
to protect their sensitive data. While an outsourcing partner handling portions of a project can yield
great efficiencies, how can the contracting organization be assured that their trade secrets will be
protected by workers that they have never vetted? How can government contractors take advantage of
outsourcing efficiencies but still keep the trust of their government clients? Finally, how can an
organization share data with offshore partners without violating export restrictions and compromising
national security? This paper provides an overview of how outsourcing is currently performed in the
software industry, presents case studies of outsourcing where data sensitivity issues have arisen,examines the categories of risks to proprietary data, and finally presents strategies for dealing with
these problems.
So why do some firms spend a greater portion of their IT budget on IT outsourcing? Is
this a long-term trend or a short-term obsession? From an organisational context,
outsourcing is fuelled largely by cost cutting imperatives coupled with improved
budgetary control, refreshing technology and a wish to concentrate on the core
functions of the company. Moreover, offshore outsourcing has evolved into an increasinglystrategic solution for solving long-term business problems and freeing resources
to refocus on core activities. (Pai and Basu 2006)
Emerging Legal Challenges:Evolving Priorities and Concerns
It is sometimes easy to get carried away to assume that outsourcing is the panacea to cureall business adversities.
Conversely, an outsourcing arrangement can be in dire straitsif careful attention is not paid to due diligence
strategies, legislative and regulatoryprocedures. Naturally, any organisation considering offshore outsourcing of IT-
enabledservices as an option will need to consider the legal implications of the distinct processes and will have to be
aware of the judicial system of the outsourced country if the processfails to work satisfactorily. Key issues inherent
to outsourcing arrangements are loss ofcontrol and multi-faceted differences between the customer and its service
providers.
Particularly, risks are infinitely higher when the outsourced work is being undertaken ina different time zone or in a
different jurisdiction especially if the outsourcing partnerhas in possession the software and data of the
outsourcing company. As a result, the importance of legal issues is further elevated as, at every phase of an
outsourcingagreement, compliance issues and contractual obligations can affect the success of the enterprise
customer and its relationship with its service providers. Further, as enterprisescontinue to adopt varying operating
models for outsourcing agreements, they must bein a position to evaluate and weigh the strategic and tactical
objectives and prioritiesprimarily involving four key factors, which includes: cost savings, service quality/delivery,
level of control/governance and risk tolerance. Some common legal issueswhich require special attention are
outlined:
-
8/7/2019 SIS_v0.1
3/7
Choosing a governing law for the cross-border contract, and establishing which regulatory laws apply
in case of infringement or breach of contract.
Resolving software licences and usage permission of proprietary support tools.
Considering data protection and security delegations.
Establishing the effect of any mandatory local laws which may prejudice the relationship or impact on
later litigation.
Making sure that all IP rights and trade secrets are protected so that they are not violated in
the foreign country.
Covering for the insolvency, winding-up and change of control of the supplier.
(Pai and Basu 2006)
In addition to the legal issues mentioned above, there are some purely practical issues like language
barriers, geopolitical instability, loss of management control; and accountability problems, which also
need to be considered during the decision making process. Hence, as a matter of commercial
practicality, clauses in a contract with an overseas company are completely worthless unless there is a
mechanism for enforcing the contract in a way which actually works quickly and effectively. In
jurisdictions where no reciprocal legal arrangements exist, or where it is unrealistic to expect genuine
cooperation from the foreign legal system, the only sensible approach would be to build-in practical
measures in the contract itself as discussed later in this section, which do not necessarily require the
intervention of the legal process. In this section, as an example of offshored vendor services
marketplace we have focused our discussion on the Indian IT outsourcing industry in some of our case
studies.
Further, we have attempted to provide a comprehensive checklist of legal issues along with insightful
guidance on coping with emerging challenges in doing business beyond the borders of Europe and U.S.,
although broader expertise in these areas is desirable in planning and executing international
outsourcing transactions.
-
8/7/2019 SIS_v0.1
4/7
Outsourcing is defined in this paper as a regulated entitys use of a third party (either anaffiliated entity within a corporate group or an entity that is external to the corporate group) toperform activities on a continuing basis that would normally be undertaken by the regulatedentity, now or in the future.
What is Outsourcing?
At around the same time period, many organizations realized that, when they converted their legacy mainframe
based custom administration applications (personnel, payroll, accounting, finance, manufacturing, sales analysis,
accounts receivable, payables, etc.) to application products from Peoplesoft, SAP, ORACLE, Seibel, etc., it often
made sense to actually contract out the hosting and support of those applications to a supplier who specialized in
delivering payroll, personnel, accounting, etc. services using those application products. It was also a lot simpler to
define a service level agreement for running a commercial product than for running a mix of your old home-grown
applications. That usually also transferred the development and maintenance responsibility associated with the
application products being used to the outsourcer or ASP too. These outsourcing deals have enjoyed a lot more
success, and continue to grow in popularity. Some variations saw the organization actually retain the hosting
responsibility, but had the outsourcer manage and support the application product on the customer's computer
site.
Motivating Factors
Many of the initial and obvious motivators were described above. However, there were and are anumber of less obvious but no less pressing motivators to outsource involved today.
Computerapplications today are much more critical to the organization's minute by minuteoperation than they were 10 years ago.
Information workers (and most police workers can be called information workers without a stretchof the imagination), simply cannot do their job effectively today without the supporting informationsystems. If the system is down, the MDTs and mobile workstations don't work, or if e-mail orNCIC/CPIC access is down, productivity crashes. Our paperless operation clients are hit evenharder. So, the attention to and critical value (and related cost) of assuring non-stop reliability,hardened sites, disaster back-up facilities, closely monitored security, assured integrity, etc. canbe many times what it was a few short years ago. Most corporations and agencies face similarchallenges today. Outsourcers often can present a most credible and compelling argument thatthey can deliver to such high availability objectives better and at less cost.
Technical staffing also can pose challenges to organizations running the lifeblood systems of theorganization. Certainly, in the recent dot-com boom, many commercial organizations and governmentagencies found it difficult to attract and retain the sorts of technical skills and expertise that such systemsneed to stay effective. Even today, these skills are in scarce supply and often organizations and agenciescan only afford to have one person with a specific expertise, so when that person leaves, they areextremely vulnerable to problems. Because outsourcers specialize in running and supporting suchsystems for many, many organizations, they have the scale to maintain adequate depth of technicalresources so that routine turn-over of such staff does not compromise their service level.
-
8/7/2019 SIS_v0.1
5/7
Such resources as we have described are expensive, so sharing the resources (hardened site, verypowerful servers, capable and proven technical staff, high speed network connections, specializedsupport software for system and network management, back-up facilities and disaster /recovery sites,security layers, etc.) can make a lot of sense and reduce the cost burden associated with maintaining the
expected and required service level.
Obstacles to Outsourcing
The most recurring and obvious one is related to control and dependence; most organizations do notcreate such an operational vulnerability, exposure or external dependence on a third party organizationcasually. Some simply will not consider outsourcing for just that reason. Even with a rigorous contract, theavailable remedy, to exit the contract, can pose perceived risks of disruption that are unacceptable. Youhave to have confidence in your ability to contractually constrain and then manage such a contract (butmore organizations are reaching that state every year).
Security of sensitive information and processes can also pose obstacles to outsourcing. When legal orcommercial damage could result from disclosure or corruption of information, outsourcing can beperceived as adding further vulnerability to such exposure and thus discourages outsourcing.
With the development and penetration of business information systems, information systemsoutsourcing (IS Outsourcing) has attracted more and more interests from both managers and ITvendors.
_________________________________________________>>>>
As now the importance and dependencies on business information system grow,concept of information system outsourcing has grown immensely among managementand service providers.
_________________________________________________>>>>
Data protection and Outsourcing (setbacks disadvantages) especially with examples
-
8/7/2019 SIS_v0.1
6/7
Assignment2 (b)
Discuss the ways in which you would incorporate the key aspects of the data protection legislation or
principles into information-related strategies for an organization of your choice.
-
8/7/2019 SIS_v0.1
7/7
References
Hengesbaugh, Baker, McKenzie (2010) Data protection aspects in an outsourcingtransaction
Pai and Basu (2006) Emerging Legal Challenges in Offshore Outsourcing of IT-Enabled Services from
book Outsourcing and offshoring in 21st
Century a Socio economic prospective page 404