MeMbers of rMA’s Third-Party Risk Management Round Table are experienced leader-practitioners, individually and collectively creating emerging best practices in third-party risk management. As the round table’s facilitator, subject matter expert, and member of the Steering Committee, it’s exciting and rewarding for me to be integral to this evolution.
Offshoring and outsourcing don’t exist in a vacuum. These are processes that take advantage of and are influenced by technology, politics and the larger economy. Look at the last big round of offshoring at the start of the century. It didn’t just “happen” without any reason. Very specific changes facilitated this age of outsourcing.
Recent stories by, amongst others, the BBC detailing large, well-organised and presumably very profitable scamming organisations targeting UK TalkTalk customers have hardly helped the already-lowly reputation of offshore contact centres - but may unfortunately be only the tip of a perilous iceberg.
In a multi-partner service delivery model, transparency and visibility are essential to an effective security and supplier risk management (SRM) strategy. Yet a wide range of evidence suggests that this transparency is sorely lacking in many cases. According to a study by the independent Ponemon Institute, 73 per cent of suppliers that experience a data breach don’t notify other vendors in the supply chain, while more than a third (37 per cent) of suppliers don’t notify their customers.
Emerging technology services have revolutionised the sourcing industry. These disruptive technologies like autonomics, interface technologies, big data analytics and other computing technologies have permitted smaller companies to successfully challenge established incumbent businesses. Specifically, as incumbents focus on improving their products and services for their most demanding (and usually most profitable) customers, they may exceed the needs of some segments and ignore the needs of others.
Cloud has been both an exciting and disruptive force in the technology market for the last decade. It has acted as a critical enabler for a host of other influential technologies and this will continue and accelerate in 2017.
Compliance – complexity and uncertainty drives the need for flexible, adaptive strategies
Earlier this year, Outsource editor Jamie Liddell had the privilege of chairing a roundtable dinner hosted by Capgemini, and attended by some of the most prominent advisors in the UK outsourcing community. The evening saw a huge variety of topics covered - but took place under Chatham House Rules, meaning that the conversation did not take place "on the record".
Budgeting for IT has always been an uphill battle, with the boardroom tending to try and cut back on spending whenever possible, despite a driving desire for the competitive advantage strong tech investment brings. This is especially true for cybersecurity, which has always been hobbled by the difficulty in proving its day-to-day value. It’s only when an attempted attack occurs that the value of security investment overtakes the “it won’t happen to us” mentality.
The data and cyber regulatory regime in the EU – which includes, for the time being at least, the UK – is undergoing a very significant shake-up. The new General Data Protection Regulation which will come into force on 25 May 2018 will bring a number of new measures into play such as much increased fines (up to the higher of 4% of annual worldwide turnover or 20 million euros, in some cases) and mandatory reporting of most data security breaches.