In business, actions with the greatest payoff can sometimes be risky. This certainly applies to outsourcing software development, AI projects or IT support to third parties. While it can help you get your digital transformation projects off the ground, accelerate timelines and provide you with the scarce tech talent while reducing the cost of full-time internal employees, there will always be a level of risk associated with it.

From natural disasters to pandemics, or civil and political strife, risk in outsourcing often comes from crises that are difficult to foresee and impossible to avoid. Risk can appear in other forms that are less tangible, as well. Consider the following sources of risk:

• Natural disasters, such as hurricanes or earthquakes can cause power outages, knock out internet access or damage critical infrastructure – all essential to software development and IT support.
• Political and civil unrest also can impact these vital resources, and can cause projects to come to a halt when outsourced teams are not able to work.
• Pandemics, such as COVID-19, while impacting everyone globally, can cause outbreaks across different regions at different times, forcing manufacturing sites to go dark. They also cause supply chain disruptions to critical equipment and supplies that are necessary to product development, which can be delayed or impossible to source.
• Security and data privacy breaches, which not only compromise confidential data, but put companies at risk of noncompliance to industry and federal regulations.
• Sub-par quality outcomes can cause costly and complex projects to fail, setting companies’ digital transformation goals back and compromising their reputations with customers and/or shareholders.
• Here at Puerto Rico-based Wovenware, we’ve had our fair share of natural disasters, from hurricanes, earthquakes and most recently COVID-19. But it’s from these situations that we’ve learned valuable lessons on how to pivot to meet client obligations and keep employees safe.

For example, we have a continuously updated contingency plan in place for whatever comes our way.  We’ve also learned to be more flexible and pivot when necessary. After Hurricane Maria, we realized our corporate headquarters and aging infrastructure were not resilient enough to weather new challenges, so we moved to new facilities in San Juan and opened up satellite offices on the mainland. 

Outsource Close to Home to Leverage Control 

A strategy to mitigate some level of risk from the unknown is to outsource software development projects to nearshorers instead of offshore providers. While the costs can be slightly higher, there are valuable trade-offs. Regional problems are easier to anticipate, since those issues are most likely impacting your own region. And being in similar timezones allows for real-time communication and collaboration. Plus, if your nearshore staff need to work from your site because of a crisis, they often do not require special visas or permission from the government.

Regardless of how you choose to outsource, here are five steps you and your outsourcing partner can take to minimize risk.

1. Triage the Criticality

The level of risk can be drastically different based on the service required. For example, in times of crisis, it may be more important to keep call centers open for customer assistance instead of keeping up with software development for a long-term digital transformation initiative. The type of service you require carries different levels of risk and consequently different risk-taking measures.

2. Insist on a Risk Mitigation Plan

Your outsourcing partner needs to have a risk mitigation plan that identifies risk factors like loss of internet or power, along with an outlined back-up plan to address each risk. For one client we work with, Wovenware’s risk mitigation plan states that 36 hours before a Category 4 hurricane (or greater) is coming, we will send critical team members off-island for a specified period of time. All of this information should be very specific and explicitly laid out for you by all outsourcing partners.

3. Ensure Redundancy

When all else fails, it’s a good idea to have a back-up provider in place to handle mission-critical activities if your primary service provider is severely impacted. Vetting an appropriate back-up should be done well before a crisis is imminent, and you should involve your primary outsourcing partner in the selection process.

4. Don’t Focus Too Much on SLAs

Service-Level Agreements (SLAs) can be important to manage costs and KPIs, but when it comes to a crisis it should be a secondary. SLAs can stipulate reimbursements for downtime or power outages, but in most major crises people are not as concerned with money – they need problems fixed immediately. Consider the case of a hosting company that was hacked and a hosted website went down for a few days. Because of the SLA, the customer may have been reimbursed for a small amount of money, but the loss of website visitors was priceless in comparison.

5. Prepare but Be Ready to Iterate

Remember that no “battle plan survives first contact with the enemy.” Contingency and disaster plans are a must for every business, but they should be flexible so you can iterate faster than ever if your initial plan fails.

Risk abounds in any strategic business decision, but the benefits of expanding your software development or IT team with external experts far outweighs the risk. The key to properly managing risk requires strategically selecting the right model, as well as creating an effective risk mitigation plan that will – hopefully – never be needed.