Many organisations are realising that there may be advantages in concentrating on essential core activities and using external organisations to provide (usually generic) support services. This briefing outlines some of the key issues to be addressed when considering outsourcing and when evaluating outsourcing suppliers and contractors.
Outsourcing may be used to tap into expertise and experience not available in-house (technical or managerial) or simply to identify (and then reduce) the costs of support services.
When thinking of whether to outsource it is necessary to consider such issues as:
The first requirement is then clarity about the needs of the service - and to use this to draw up a clear requirements specification. The group that draws this up must include representatives of the key user communities and not just the previous in-house service provider. Drawing up the requirements specification may need a structured approach to soliciting, testing and validating users' views.
This group should work to a steering group of the senior management of the organisation to ensure they are 'signed up' and understand the issues involved.
From the requirements specification, and the discussions with potential outsourcers, will come a "managed services contract" which defines the responsibilities of both parties. This may include (as appropriate):
Those outsourcing services always want to include penalties for poor performance. However an effective agreement should also include incentives - for good performance and for continuous improvement. Otherwise the supplier is likely to meet the terms of the contract and no more.
The scope of the contract will, in part, determine the nature of any process by which changes to the service - initiated by either party - are handled, within or outside of the agreement.
Choosing an outsourcing supplier is broadly like choosing any other supplier - choose someone you can work with and whose track record is secure. It is, though, wise to consider the use of an independent consultant in the selection process - the supplier is likely to have considerably more experience than you in the negotiation/contract setting process; it is wise to balance this with some expertise "on your side".
The initial process of implementing the agreement is important. There should be an agreed implementation period and plan with firm review dates and processes. At the end (assuming all goes well) implementation is "signed off" and the agreement formally begins.
Best Practices in Outsourcing
The following table is reproduced with permission from the joint working paper on Socially Responsible Enterprise Restructuring of the International Labour Office and the European Baha'i Business Forum : see
Managed Service Provision
A Managed Service Provider runs specific (usually IT) functions for an organisation that requires specialist knowledge or expertise. The term 'managed services' is being used to apply to a range of IT-related services. Commonly these relate to the Internet/WWW. So internet security, website or web application hosting, and network systems management are prime contenders.
Internet security services are a good illustration of the concept. Internet security products, concepts, and technologies are very sophisticated and are new. Few organisations have 'expert' staff. It is also a fast moving area. The job of keeping up with new hacking techniques and new viruses requires a lot of attention. When the importance of this area - the vulnerability of organisations to the risks involved - is recognised, using someone else to provide that constantly refreshed expertise becomes an obvious example. Thus, a managed service may provide any or all of :
The company can be assured that these task are being carried out by fully-trained, competent staff - and that someone else has the task of ensuring 24 hour cover, coveing sickness and holidays, etc.
Managed service providers typically provide their services on a subscription basis, over a one/two year contract period. The decision as to whether or not to use managed services is a 'standard' outsourcing decision. The standard challenges associated with outsourcing also exist - outsourcing critical functions can result in a loss of control. There is also the fear - more imagined than real - of placing sensitive information in the hands of an organisation that may perform a similar service for competitors. The concept is still novel. It will probably survive and prosper, though not all the first phase MSPs will. The market is small though growing. There are probably too many MSPs in the marketplace for its size. As ever, caveat emptor!
Out-tasking The Outsourcing Alternative
Out-tasking is best described by using an example.
Outsourcing has hit the enterprise security market. This is an area of specialist knowledge and it makes sense to hire specialists to address information security challenges. However, outsourcing may not always be the soundest approach to security. It can leave an organisation overly dependent on the managed security service provider to meet security needs; this can often mean that risks are not reviewed regularly a case of out of sight, out of mind.
Senior managers should remember that outsourcing the work does not remove responsibility. An alternative is emerging this can be more efficient than standard outsourcing. It is known as out-tasking.
Out-tasking is the farming out of discrete, specialised security tasks, rather than security as a whole area. Such tasks could be, for example, intrusion detection system monitoring, forensic investigations, or periodic vulnerability assessments. In contrast to outsourcing, out-tasking forces an organisation to hold itself accountable for its own security, no matter which functions are performed by staff and which are provided through a managed security service. The organisation, by selecting out-tasking rather than outsourcing - makes a conscious decision to retain control over the security programme. This correctly recognises that the company itself is responsible for the companys assets.
In fact, out-tasking, by making the company decide which tasks are better handled in-house, and which out-of-house, often thinks more carefully about overall security strategy. The out-tasking acts as a strategic catalyst. This mixed mode approach retaining responsibility for strategy and then selectively outsourcing components of an overall process following an analysis of need and capability can apply to other areas. And of course, it should be seen for what it really is a simple variation on the outsourcing theme.
For an in-depth look at outsourcing, see www.cw360ms.com/outsourcing/index.asp
U P D A T E
A recent report by Morgan Chambers suggests that 56% of the UK FTSE-100
companies have embraced the outsourcing of previously internal services.
Outsourcing now accounts for £5.9 billion in revenue from the FTSE-100
alone. There is also evidence that outsourcing, as a strategic weapon,
can have a positive impact on share price - the report suggests that the
difference is about 5.3% above the individual sector average and 4.9%
above the overall FTSE-100.
Send E-mail to
TSN@The-Saudi.Net with questions or
comments about The Saudi Network.