Intellectual property lawyers understand that transferring a business process to a third party could result in leakage of proprietary technology and competitive trade secrets, despite the contractual non-disclosure provisions. Similarly, many functions are not appropriate for outsourcing. Thus, risks can be avoided by not outsourcing sensitive processes.
Rather than eliminate risk, one can shape the parameters of the risk by service configuration techniques. Security can be enhanced by such infrastructure configurations as:
- having the processing power reside in the enterprise customer’s computers, with the service provider merely entering data through “dumb” terminals (lacking local disk drives) and interacting on the telephone;
- access restrictions, for segregating personnel from the entire business process, so that jobs are not done entirely by one person (though this reduces the scalability and efficiencies that drive outsourcing); and
- policies and procedures prohibiting the use of any tools for recording information (such as paper and pencil) other than the computer terminal.
The practicalities of such service configurations can be quite beneficial. The outsourcing contract, though, needs to spell out the parties’ expectations about the structure of service configuration and its impact on productivity, price, costs, timing, responsiveness and quality of service.