Outsourcing IT Security… Let somebody else do my laundry!

   One Sunday morning, a loud phone call woke me up from my slumber ecstasy.  It was the hospital secretary asking me to go into emergency duty since one of the residents had a premature vaginal bleeding, probably due to stress I might have guessed.  But then, I remembered that I had to do a week's worth of laundry whose stench was asking for my immediate attention.  Searching for answers to this personal dilemma, I started weighing my options: whether to be selfish and do my chores or play Mother Teresa and serve the community.  Then, like any bright idea that blasted like a fully lit light bulb over my head, I thought – “why not let somebody else do my laundry?”  I would earn more money being a doctor than doing laundry all day… well, that and I could serve mankind!  Since it would be done by a professional clothes washer, my clothes would be a lot cleaner, not to mention that my hands would be soap, chlorine and wrinkle free.  Thus, I could devote my time to what I’m really good at: being a doctor, among other things.  More or less the same logic runs when a company decides to outsource.  Outsourcing happens when one company enters a business transaction with another company and contracts its services to handle some of its business processes.  It brings about benefits that open windows of business opportunity for progress, but it also opens up the organization to threats brought about by the new innovation.

   Outsourcing is done by various organizations, from big firms and international organizations to small-scale business ventures.  In fact, in our hospital, we have just contracted a security agency to secure our premises and ensure the protection of both the employees and our clients.  It is done to yield benefits that outweigh the cost it entails.  First, it allows the business to save and cut costs.  Back to the earlier situation, just imagine the money that I have to spend on detergent and water and, most of all, the time that I would consume in washing my clothes, considering that I’m not stingy when doing this task.  The same goes for our hospital: hiring a security agency would cost less than hiring a permanent security officer who is entitled to all the benefits afforded to a regular government employee.  It also allows me to focus on my career as a physician rather than worrying about how to remove the blood stain on my back pocket that seems to be a public target to deflate my self-confidence while doing my ward rounds.  The hospital as well would be able to focus on uplifting its medical services rather than agonizing over security details.  Lastly, outsourcing certain business processes could ensure better delivery of such services than if they were done by the host organization itself.  A security agency could always provide better protective services since it is more proficient in this area than the hospital administration.  The same thing follows with my laundry when done by a professional clothes washer, as my dress will be much cleaner and well pressed, with each hemline contour and vibrant color screaming fashion.

   Stipulating the benefits of outsourcing some organizational services can be a no-brainer, but it is a completely different thing when we talk about information technology security.  When the data protection of an organization is outsourced to a different company, the organization exposes itself to data security threats as well.  The information that could be derived may be used for malicious mischief by persons with insidious intent.  And worse, an organization’s knowledge of its competitive advantage could be stolen by rival companies.  Just imagine the numerous confidentiality lawsuits against the hospital if a patient’s medical history were publicly accessed.  As with my laundry dilemma, I could risk some of my expensive clothes being damaged or, worse, stolen!  Does that deter businesses from outsourcing the handling of sensitive information?  Surely, it does not!  The business enterprises that engage in protecting an organization’s records are definitely efficient in their field of expertise.  External threats, that is, threats from the public network, are much more devastating than the paranoia of exposing an organization to the IT security expert company.  It is the same suspicious thought that dances in your mind when you hire a bodyguard, thinking that he himself would break your neck if somebody paid him to do just that.  Clearly, in IT security outsourcing, the benefit of such an endeavor outweighs the prospective harm it imposes.

   Since data security and integrity are at stake when outsourcing data security, it is essential to stipulate the maintenance of data security and integrity in the service level agreement with an IT security outsourcer, to safeguard against data security lapses and to ensure that the outsourcer does not exploit the data of the organization by any means or expose it to theft by competing companies.  To achieve this, the organization should do a careful evaluation and planning before engaging in this endeavor, as the need for data outsourcing dictates.  First, one should evaluate the service provider, carefully researching its capabilities and reputation to make sure that it is trustworthy, efficient and commendable.  Surely, you don’t want to deal with a company that has lost its truthfulness in honoring contracts, nor with one whose efficiency has diminished.  Only then would you enter into an agreement that would safeguard the information technology data being outsourced.  One of the ways to do this is to have the outsourcing service company sign a non-disclosure agreement.  Another way is to put limits on any additional outsourcing and subcontracting to other companies that would involve the organization’s data.  And finally, the organization should ensure that the outsourcing service company would be answerable and held liable if there were a breach of information technology security.

   Now back to the original situation, it would be most beneficial for me to “outsource” to a laundry service and concentrate on my medical career.  But then, I would be running the risk of my laundry person telling the whole subdivision that I am fond of wearing T-backs or that I always keep a private item in my back pocket.  Nevertheless, such risk would not deter my decision.  To mitigate such risk, I should ensure that the person I’m dealing with is trustworthy and efficient.  The same holds true when a company outsources any service, especially IT security.  There may be threats, but opening windows of opportunity for progress would entail an optimistic outcome.  The organization should only be cautious and vigilant when engaging in such an endeavor.  So, why should I worry?… let them do my laundry!
