Future of Sourcing - Security https://www.futureofsourcing.com/tags/security en Lessons Learned in Managing Security Risk when Outsourcing Services https://www.futureofsourcing.com/lessons-learned-in-managing-security-risk-when-outsourcing-services <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Lessons%20Learned%20in%20Managing%20Security%20Risk.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/Lessons%20Learned%20in%20Managing%20Security%20Risk.jpg" title="Lessons Learned in Managing Security Risk when Outsourcing Services " class="colorbox" rel="gallery-node-1621-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Lessons%20Learned%20in%20Managing%20Security%20Risk.jpg?itok=D0IsrfYT" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div>It seems that I have reached a point in my career where I have to acknowledge that I am not one of the young guys anymore. As I support my customers and assess the state of their Risk Management capabilities, I continue to find that I rarely see issues that I have not seen before. I guess that is the benefit of having worked in this field for a couple of decades. But it is also an indication that the lessons that are being learned in one segment of industry are not becoming common practice in other segments. It is important to point out that I consider the issues that I discuss here to be COMMON practice, not BEST practice.&nbsp;</div> <div>&nbsp;</div> <div>When it comes to outsourcing, as we all know, there are multiple reasons to outsource services. 
Small companies and large companies outsource services because a) they simply do not have the core competency/skillset that is needed to perform the service properly, or b) the continued investment in infrastructure and staff to stay compliant in certain services (e.g. HR, finance) is significant, or c) some services are transient or niche, and therefore needed for only a short time, or d) some combination of other factors. When properly analyzed, choosing to outsource a service rather than keep it in-house can absolutely be a proper decision. But there are certain obligations that come along with outsourcing that are often forgotten. That leads to security issues.&nbsp;</div> <div>&nbsp;</div> <div>We have spent the better part of the last 20 years learning from our mistakes and oversights to establish a sound and comprehensive set of security controls and standards (see NIST 800-53, and ISO 27001/2), and we have created policies to articulate when to use these controls. Most of these controls are considered to be basic hygiene. But for some reason, many companies choose to cast them aside or act as if they do not exist when deciding to outsource services. In my career, I have actually experienced someone who stated that they outsourced a service &ldquo;to avoid having to comply with our internal security policies&rdquo;. Think about that. You have established minimum expectations for security controls when you install a system in your own environment. Why would anyone think those minimum expectations do not apply simply because you choose to outsource the service? It is still your service, why would your minimum expectations be any different? In fact, some would say that you have a fiduciary responsibility to make sure that your outsourced services do meet your existing policies and practices. I am one of those people.&nbsp;</div> <div>&nbsp;</div> <div>You remain accountable for any service that you choose to outsource. 
You are obligated to establish your minimum expectations and make sure your service providers know about them and are meeting them. And, here is the part that you may not want to hear: Every service that you outsource still requires some internal investment of resources for you to manage and monitor the service. Some of them require minimal resource investments, and others require significant resources to properly manage the service. Below are some misconceptions that are pretty common as services are outsourced. I highlight them here because correcting these issues is not terribly complicated. &nbsp;&nbsp;</div> <div>&nbsp;</div> <ul> <li>Internal Service Owners, when interacting with audit teams or risk assessment teams, are often asked to confirm that certain security controls are present. A frequent response is &ldquo;We don&rsquo;t know, our service provider does that for us.&rdquo; Here are some of the problems with that statement: <ul> <li>You need to know. That is your service. Your service provider works for you. I have found that service providers will pay careful attention to what you tell them regarding service levels, and they will build and price a service to meet exactly what you say. If you leave something out, they will not include it, in an effort to remain competitive on cost. Security requirements are no different. If you do not explicitly state what you expect, it is reasonably certain that you will not get it.&nbsp;</li> <li>Many times, when a company says &ldquo;&hellip;our service provider does all that for us.&rdquo;, a small amount of investigation uncovers that the Service Provider DOESN&rsquo;T do that, either because they haven&rsquo;t been contracted to do it, or because it is simply something that a SP cannot do. Some actions must be performed by the outsourcer (e.g. user management). 
There is a major infrastructure service provider that I am aware of that does a very good job of providing guidance to their customers that clearly states &ldquo;here are the things that we will do for you, here are the things that we CAN do for you if you choose to add optional services, and here are the things that you must do for yourself.&rdquo; I have found that very few outsourcers have taken the time to read the third section. Those are the ones that say, &ldquo;Our Service Provider does that for us,&rdquo; even though the service provider has given them a document that states explicitly that they do not do those things. Auditors enjoy those situations.&nbsp;</li> </ul> </li> <li>&ldquo;Once I choose to outsource a service, and complete proper acceptance testing, it does not require ongoing monitoring to confirm proper performance.&rdquo; Unfortunately, many companies outsource services in an attempt to reduce cost. That tends to cause companies to &ldquo;set it and forget it.&rdquo; They feel that investing additional resources in periodic assessments eats away at any cost savings that they were trying to achieve. My suggestion is that when you do the cost/benefit analysis when considering outsourcing, the cost of periodic assessment (annual or bi-annual) should be part of that analysis every single time. If you are unwilling to periodically confirm through observation of evidence that your service providers are performing adequately, you should reconsider whether outsourcing a service is the right thing.&nbsp;</li> <li>&ldquo;My service provider knows this service better than I do, so I trust them to do it correctly.&rdquo; It may be true that your service provider knows the details of the service better than you do (remember, you could be outsourcing simply because you do not have the core competency in a given service). But that is not a reason to leave these expectations unwritten. 
If you are not comfortable stating your security requirements, then require your service provider to explicitly tell you what their minimum security controls are. Most proactive service providers already have these things written down and will provide them to you.&nbsp;</li> </ul> <div>So, in summary, many security issues that pop up in outsourcing situations are due to lack of proper expectations. Avoid these common mistakes by doing the following:&nbsp;</div> <div>&nbsp;</div> <ul> <li>Explicitly state your security expectations. It is my observation that if you tell a service provider that something is required, they will do it, because they want to get paid. &nbsp;</li> <li>Read the service documents that your service providers give you. Good service providers will explicitly document what they commit to do, and what you must do for yourself. They do this to avoid litigation and delays in payment. Read those documents.</li> <li>Educate your staff (and your board if necessary) to understand that when you outsource services, you still carry an obligation to manage and monitor the performance of those services. If you happen to have a service provider that isn&rsquo;t attentive to meeting your requirements, they certainly aren&rsquo;t going to point it out to you. You have to find it for yourself.&nbsp;</li> </ul> <div>If you fail to do these basic things, you will find that outsourcing services results in increases in complexity and increases in non-productive activities due to surprises. That means increases in leadership stress. 
&nbsp;You do not outsource things to increase leadership stress.</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/outsourcing" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Outsourcing</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/standards" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Standards</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/internal-service-owners" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Internal Service Owners</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/managed-service-providers-msps" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Managed Service Providers (MSPs)</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Sun, 13 Oct 2019 17:54:03 +0000 Dan Pinto 1621 at https://www.futureofsourcing.com https://www.futureofsourcing.com/lessons-learned-in-managing-security-risk-when-outsourcing-services#comments Sourcing Star Winner: Canda S. Rozier https://www.futureofsourcing.com/sourcing-star-winner-canda-s-rozier <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Canda_FOS%20Individual%20Award_Interview%20Graphic.png"><a href="https://www.futureofsourcing.com/sites/default/files/articles/Canda_FOS%20Individual%20Award_Interview%20Graphic.png" title="Sourcing Star Winner: Canda S. 
Rozier" class="colorbox" rel="gallery-node-1575-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Canda_FOS%20Individual%20Award_Interview%20Graphic.png?itok=lW_lMqDD" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p>This October, the&nbsp;<a href="https://futureofsourcingawards.com" target="_blank">Future of Sourcing Awards</a>&nbsp;celebrated seasoned veterans whose thought leadership and innovative work in the sourcing field have made a transformative difference over the course of their career. Below, read about Sourcing Star winner Canda S. Rozier who was one of the first female CPOs in the industry and a true trailblazer.</p> </div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div> <h3><em>How did you get into this field &ndash; was it purposeful or by accident?</em></h3> </div> <div>Early in my career at First Data, while in a business/product management role, I was asked to assist legal with negotiating vendor contracts. &nbsp;I quickly realized that I loved it, and I was very good at it! &nbsp;A year later, the company set up a new global procurement function, &ldquo;to leverage the purchasing power&rdquo; of multiple legal entities, and I was tapped as one of the two employees to start the function from green field (the other person was an attorney). &nbsp;My career in procurement progressed quickly after that and I&rsquo;ve never looked back!&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>In what ways do you feel your professional contributions have influenced or transformed the industry? 
(This could be a new approach or methodology, the application of an existing technology in a completely new way, significant thought leadership or even a career of inspiring others.)</em></h3> </div> <div>I believe that I have made significant and lasting contributions to the industry through my leadership and mentoring, and as one of the early women in a CPO role. At a time when the typical procurement approach with vendors was often &ldquo;zero sum&rdquo; (we win, you lose), I required a win/win approach, which led to sustainable and holistic partnerships with suppliers. I instilled this in my teams, and today many of my former employees are in procurement leadership positions, using this philosophy as their foundation. This leads to procurement being accepted as a true strategic partner to the business. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div>When I first became a CPO and senior executive, I was often the only woman &ldquo;at the table,&rdquo; and likewise one of few women at industry events and conferences. &nbsp;Throughout my career I have sought (and sometimes fought) to ensure that my teams embrace and value diversity. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>In your opinion, what are the biggest challenges facing the industry today and what should be done to solve them?</em></h3> </div> <div>I think one of the biggest problems facing procurement leaders today is continuing to enhance and increase the value of procurement to the business, and at the same time supporting the ever-present business mandate to &ldquo;do more with less,&rdquo; especially with shared services functions. 
&nbsp;Procurement must be on the leading edge of embracing efficiencies for tactical and operational functions (levering systems, AI, RPA, outsourcing, etc.), and at the same time, maximize the value creation from strategic sourcing, category management and business partnering.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>Looking at the whole of your career, what do you consider to be your greatest achievement?</em></h3> </div> <div>I believe my greatest achievement was the establishment and long-term success of the Global Procurement function at First Data. &nbsp;I grew Procurement from a green field organization to a global function that was not only accepted, but was well respected by the business, had a seat at the executive table, and was seen as a valued strategic partner for traditional sourcing and procurement functions, as well as M&amp;A activities and other adjunct business initiatives.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What three words do you feel your colleagues and peers would use to describe you?</em></h3> </div> <div>Passionate, Partner, Productive&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What advice do you have for those who are new to the profession or considering entering the industry?</em></h3> </div> <div>My advice to any young person starting their career is:</div> <div>&nbsp; &nbsp;</div> <ul> <li>be passionate in your career, but keep balance in your life; &nbsp;</li> <li>learn your strengths and how to leverage them; &nbsp; &nbsp;</li> <li>know your weaknesses and strive to improve them, or at least don&rsquo;t let them impact your success; and &nbsp;</li> <li>always act with utmost ethics&mdash;your reputation will both precede and follow you.&nbsp;</li> </ul> <div>&nbsp;</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a 
href="/tags/chief-procurement-officer-cpo" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Chief Procurement Officer (CPO)</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/procurement" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Procurement</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/strategic-sourcing" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Strategic Sourcing</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/category-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Category Management</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Sun, 04 Aug 2019 16:37:41 +0000 Canda S. 
Rozier 1575 at https://www.futureofsourcing.com https://www.futureofsourcing.com/sourcing-star-winner-canda-s-rozier#comments Caller ID: A Simple Feature with Complex Effects https://www.futureofsourcing.com/caller-id-a-simple-feature-with-complex-effects <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/caller%20ID%20624x325.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/caller%20ID%20624x325.jpg" title="Caller ID: A Simple Feature with Complex Effects" class="colorbox" rel="gallery-node-1292-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/caller%20ID%20624x325.jpg?itok=I5TPXP-u" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div>We&rsquo;ve all been there: you pick up an incoming call to hear silence...or a request for personal information...or a recorded message...only to regret picking up the call. But you&rsquo;ve also probably been on the other side: you&rsquo;ve ignored a call from a number you don&rsquo;t recognize only to find out it was the delivery driver looking to validate your address...the bank calling to let you know there has been suspicious activity on your card...or the doctor calling with updates from your last appointment. With the increase in fraudulent or scam calls in recent years, many of us have simply been conditioned to ignore unknown numbers, even if it does mean missing some calls actually meant for us. 
Caller ID is the little feature that allowed people to make an educated guess on whether to &ldquo;screen&rdquo; a call versus answering every call that came through. While it was tested in the 1970s and 1980s, Caller ID was rolled out broadly in the early 1990s and with it came FCC regulations to manage use and control. Below is a quick history of key regulations that relate to or affect Caller ID services:</div> <div>&nbsp;</div> <ul> <li>1994: Caller ID rules became effective, including the requirement that Caller ID be transmitted to connecting carriers and allow callers to conceal their number by dialing *67</li> <li>2004: Caller ID rules for telemarketers required that they transmit Caller ID information and prohibited the blocking of that information</li> <li>2009: The Truth in Caller ID Act established that manipulating Caller ID (aka &ldquo;spoofing&rdquo;) is illegal in cases where it is used with the intent to &ldquo;defraud, cause harm or wrongly obtain anything of value&rdquo;</li> <li>2017: The FCC updated the rules to allow carriers to proactively block calls that come from numbers that do not or cannot make outgoing calls (aka Do-Not-Originate [DNO] lists) and to block calls based on subscriber requests to block</li> </ul> <div>&nbsp;</div> <div>The 2009 and 2017 rules deal directly with &ldquo;spoofing,&rdquo; the process by which a caller masks or manipulates their originating number. With the rise in internet/VoIP calling, the ability to actually spoof Caller ID became more convenient/less traceable, which led to a rise in fraudulent calling schemes. There are certainly legitimate reasons to spoof Caller ID (e.g., call centers may want to display a central number to call back, doctors or other professions that tend to be &ldquo;on-call&rdquo; may want to block their personal cell phone numbers when calling patients), but many of us are likely more familiar with the fraudsters and scammers who use spoofing for nefarious uses. 
Neighbor spoofing, a specific type of spoofing where the calling number features the same area code and first three digits (NPA-NXX) as the recipient&rsquo;s number so as to appear familiar, has gained a lot of traction in the past few years. This has increased the total number of spam/scam calls and inspired numerous fines from the FCC.</div> <div>&nbsp;</div> <div><strong>Consumer Impacts of Unwanted Calling</strong></div> <div>&nbsp;</div> <div>The FCC estimates that consumers receive 98 million robocalls daily! In addition to simple annoyance, many robocalls have more serious consequences. Many consumers have been persuaded by these calls to release personal or banking information, pay fines or provide information to receive benefits (e.g., the &ldquo;IRS&rdquo; scam), or generally get roped into some unwanted information exchange.</div> <div>&nbsp;</div> <div><strong>Solutions for the Consumer</strong></div> <div>&nbsp;</div> <div>Robocalls, fraudulent calls and spam calls leave consumers asking for a solution. First, consumers are hoping to avoid getting these calls and keep themselves and their loved ones from being taken for a ride. Second, consumers are eager for a way to flag suspicious calls or provide some information on suspected origin or type to make more educated decisions when answering calls. The wireless carriers have reacted to this customer frustration in different ways with a few similar offerings:</div> <div>&nbsp;</div> <ul> <li>Verizon Wireless offers an add-on service called &ldquo;Caller Name ID&rdquo; for $2.99/month. This service communicates a risk level associated with the originating number, allows you to set up a spam filter and block list, and pulls in caller details for unknown numbers.</li> <li>Sprint went the &ldquo;paid-for feature&rdquo; route as well to offer something called &ldquo;Premium Caller ID&rdquo; for $2.99/month. 
This service displays caller names for those not in your contacts and, depending on the device, provides indicators around likely spam calls.</li> <li>AT&amp;T Mobility offers an app-based solution called &ldquo;Call Protect&rdquo; that provides automatic fraud blocking and suspected spam call warnings &ndash; there is a free basic version and an enhanced version for $3.99/month. The enhanced version provides additional caller ID information, allows for reverse number lookup and enables users to create/manage call-blocking controls.</li> <li>T-Mobile offers a variety of options: two free solutions called &ldquo;Scam ID&rdquo; and &ldquo;Scam Block&rdquo; which check against T-Mobile&rsquo;s database and automatically block fraudulent calls or provide a &ldquo;spam likely&rdquo; warning. They also offer a service called &ldquo;Name ID&rdquo; for $4/month which allows you to see any name, personal number or type of organization associated with the call and block the number if necessary.</li> </ul> <div>&nbsp;</div> <div>Currently, the FCC does not require carriers to offer these solutions for free, but it does require that they offer some type of service to consumers. These features allow consumers to make better informed decisions and can actually decrease the number of unwanted calls by blocking known fraudulent callers. This is something to keep an eye on in terms of what your carrier offers (and at what price point) and if the FCC will step in to make these services required from a basic plan or &ldquo;no cost&rdquo; standpoint.</div> <div>&nbsp;</div> <div><strong>Business Impacts of the Consumer Solutions</strong></div> <div>&nbsp;</div> <div>While government regulations and the solutions provided by <a href="http://www.futureofsourcing.com/headline-your-telecom-contracts-are-ending-now-what" target="_blank">wireless carriers</a> are designed to protect consumers, they&rsquo;ve also had an impact on the enterprise side. 
Legitimate businesses that are heavily dependent on call-through and answer rates have likely seen a change in these volumes since the November 2017 rules were put into effect. Because the rules and services on the market favor consumer protection, many classifications of numbers or analytic engines behind spam or fraud protection are driven by consumer reporting.</div> <div>&nbsp;</div> <div>This has spawned a relatively new set of services aimed at helping companies optimize their outbound calling by managing and optimizing Caller ID Name information. There are a number of Caller ID Name (CNAM) databases in use (as opposed to one central &ldquo;source of truth&rdquo;) for Caller ID Name. The receiving caller, carrier or plan will determine which CNAM is queried as they receive an incoming call. There are several ways these services look to improve an organization&rsquo;s outbound calling and associated answer rates. First, these services allow organizations to understand how their numbers are labeled and promote accuracy and consistency. By first understanding what Caller ID Name appears across these databases, organizations can work with different service providers to display a consistent name across CNAMs, phone numbers and networks, and even add branding or personalization to the Caller ID information displayed. In theory, if consumers can see and recognize the name, they will be more likely to answer. Second, these services support registering verified numbers with the carrier to improve accuracy of labeling or reduce automatic blocking, and can monitor and inform the various analytic engines of mislabeling (to potentially be corrected). 
Lastly, some of these services can report on complaints to the FCC about calling behavior (e.g., calling outside of defined business hours) and that allows organizations to focus on training for their calling agents or other ways of improving consumer experience with calling.</div> <div>&nbsp;</div> <div>As solutions look to increase consumer awareness of who is calling and prevent fraudulent calls, the services available to organizations to ensure their legitimate calls get through will continue to evolve. Given that regulations continue to transform, we are likely to see some push and pull between the consumer and enterprise side and solutions to help both. Until then, keep an eye on your mobile and the reporting you see come through!</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/risk" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/innovation" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Innovation</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/communication" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Communication</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/technology" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Technology</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Fri, 12 Oct 2018 19:40:15 +0000 Torey Guingrich 1292 at https://www.futureofsourcing.com https://www.futureofsourcing.com/caller-id-a-simple-feature-with-complex-effects#comments Top 3 Takeaways from HfS' Cognitive Agent Research https://www.futureofsourcing.com/top-3-takeaways-from-hfs-cognitive-agent-research <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Cognitive%20Agent_624x325.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/Cognitive%20Agent_624x325.jpg" title="Top 3 Takeaways from HfS&#039; Cognitive Agent Research" class="colorbox" 
rel="gallery-node-1217-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Cognitive%20Agent_624x325.jpg?itok=8EPqcjKk" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p><span xml:lang="EN-US">Top 3 Takeaways from our</span><span xml:lang="EN-US">&nbsp;Cognitive Agent</span>&nbsp;<span xml:lang="EN-US">Research</span></p> </div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p><span xml:lang="EN-US">Discussions about conversational AI are ubiquitous these days</span><span xml:lang="EN-US">&nbsp;and virtual or cognitive agents,&nbsp;</span><span xml:lang="EN-US">such as&nbsp;</span><span xml:lang="EN-US">chatbots and the like</span><span xml:lang="EN-US">,</span><span xml:lang="EN-US">&nbsp;are at the f</span><span xml:lang="EN-US">orefront. With the mission to understand how these technologies impact services, what they do (and don&rsquo;t do), an</span><span xml:lang="EN-US">d how they impact operations, w</span><span xml:lang="EN-US">e&nbsp;</span><span xml:lang="EN-US">recently</span><span xml:lang="EN-US">&nbsp;interviewed 100 enterprise C-Suite executives about their <a href="http://outsourcemag.com/automation-an-inevitable-reality-for-procurement" target="_blank">investments in cognitive</a></span><span xml:lang="EN-US">&nbsp;and were briefed by 19 service providers for their perspectives and capabilities</span><span xml:lang="EN-US">. 
Here&rsquo;s what you need to know about the rise of cognitive agents in the enterprise:</span></p> <ol> <li><strong><span xml:lang="EN-US">Real c</span><span xml:lang="EN-US">ognitive agents are&nbsp;</span><span xml:lang="EN-US">poised to impact business operations in a significant way</span></strong><span xml:lang="EN-US">.</span>&nbsp;<span xml:lang="EN-US">Most</span><span xml:lang="EN-US">&nbsp;people are familiar wit</span><span xml:lang="EN-US">h&nbsp;</span><span xml:lang="EN-US">consumer-focused conversational&nbsp;</span><span xml:lang="EN-US">assistants, like Alexa and Siri, or traditional chatbots that provide automated conversations using rules-based programming.&nbsp;</span><span xml:lang="EN-US">E</span><span xml:lang="EN-US">n</span><span xml:lang="EN-US">terprise-level cognitive agents</span><span xml:lang="EN-US">,&nbsp;</span><span xml:lang="EN-US">while still very nascent,</span><span xml:lang="EN-US">&nbsp;have greater learning</span><span xml:lang="EN-US">&nbsp;and processing capabilities that</span><span xml:lang="EN-US">&nbsp;transcend&nbsp;</span><span xml:lang="EN-US">those&nbsp;</span><span xml:lang="EN-US">basic conversational tools</span><span xml:lang="EN-US">.</span><span xml:lang="EN-US">&nbsp;True cognitive agents will have</span><span xml:lang="EN-US">&nbsp;the ability to self-learn and self-remediate, and are capable of executing on business processes</span><span xml:lang="EN-US">.</span><span xml:lang="EN-US">&nbsp;They also often</span><span xml:lang="EN-US">&nbsp;have the ability to understand structured and unstructured data, and to use natural language processing to learn, comprehend</span><span xml:lang="EN-US">&nbsp;and recommend next steps.&nbsp;</span><span xml:lang="EN-US">Advanced cognitive agents</span><span xml:lang="EN-US">&nbsp;may also enable predictive decision-making</span><span xml:lang="EN-US">&nbsp;using real-time analytics.&nbsp;</span><span xml:lang="EN-US">They can be used externally</span><span 
xml:lang="EN-US">&nbsp;to communicate with end customers</span><span xml:lang="EN-US">&nbsp;for customer service inquiries</span><span xml:lang="EN-US">&nbsp;as well as</span><span xml:lang="EN-US">&nbsp;internally</span><span xml:lang="EN-US">&nbsp;to augment customer service staff with knowledge management, for <a href="http://outsourcemag.com/node/880" target="_blank">IT helpdesk support</a>, or to assist with HR or finance processes (such as employee onboarding).</p> <p><span xml:lang="EN-US">This distinction is very important as&nbsp;</span><span xml:lang="EN-US">many use cognitive agents and chatbots synonymously.&nbsp;</span><span xml:lang="EN-US">While c</span><span xml:lang="EN-US">ognitive agents are a&nbsp;</span><span xml:lang="EN-US">less mature capability,&nbsp;</span><span xml:lang="EN-US">interest and adoption is growing rapidly.&nbsp; As shown in&nbsp;</span><span xml:lang="EN-US">Exhibit&nbsp;</span><span xml:lang="EN-US">1 below, while more enterprises are currently using <a href="http://outsourcemag.com/node/667" target="_blank">chatbots</a> (37%),&nbsp;</span><span xml:lang="EN-US">many more enterprises are in the evaluation st</span><span xml:lang="EN-US">age of cognitive agents (63%).&nbsp;</span><span xml:lang="EN-US">We believe this is due to the greater level of capability for cognitive agents to impact real business outcomes.&nbsp; While chatbots c</span><span xml:lang="EN-US">an work in a well</span><span xml:lang="EN-US">-</span><span xml:lang="EN-US">designed self-</span><span xml:lang="EN-US">help scenario functioning as a glorified FAQ</span><span xml:lang="EN-US">&nbsp;or something similar</span><span xml:lang="EN-US">, when poorly implemented&nbsp;</span><span xml:lang="EN-US">it&nbsp;</span><span xml:lang="EN-US">can often be more of an obstacle for&nbsp;</span><span xml:lang="EN-US">end customers</span><span xml:lang="EN-US">&mdash;</span><span xml:lang="EN-US">the new digital version of &ldquo;I</span><span 
xml:lang="EN-US">nteractive&nbsp;</span><span xml:lang="EN-US">V</span><span xml:lang="EN-US">oice&nbsp;</span><span xml:lang="EN-US">R</span><span xml:lang="EN-US">esponse</span>&nbsp;<span xml:lang="EN-US">jail</span><span xml:lang="EN-US">.&rdquo;</p> <p>Exhibit 1<br /><img alt="" src="http://outsourcemag.com/sites/default/files/HfS_image1.png" /><br /><em><span xml:lang="EN-US">Source:&nbsp;</span>HfS&nbsp;Research,&nbsp;<span xml:lang="EN-US">154 Enterprise Decision Makers</span>&nbsp;</em></span></span><br />&nbsp;</li> <li><span xml:lang="EN-US"><strong>Cognitive agents are not simply about cost reduction or call deflection</strong>.&nbsp;</span><span xml:lang="EN-US">Enterprises aren</span><span xml:lang="EN-US">&rsquo;</span><span xml:lang="EN-US">t investing in cognitive solutions for cost savings.</span>&nbsp;<span xml:lang="EN-US">Cognitive agents have been shown to deliver</span><span xml:lang="EN-US">&nbsp;improved security,&nbsp;</span><span xml:lang="EN-US">customer and employee experience</span><span xml:lang="EN-US">&nbsp;and visibility over business processes.</span><span xml:lang="EN-US">&nbsp;In general</span><span xml:lang="EN-US">, the greatest benefits C-</span><span xml:lang="EN-US">s</span><span xml:lang="EN-US">uites have realized through their cognitive technology investments have been improved data security and simplified business processes</span><span xml:lang="EN-US">.</span>&nbsp;<span xml:lang="EN-US">In the front office or call center, m</span><span xml:lang="EN-US">any cognitive agents today are used as &ldquo;assistants&rdquo; to live agents, helping them to find information for the customer faster and</span><span xml:lang="EN-US">/or&nbsp;</span><span xml:lang="EN-US">recommend personalized offers</span><span xml:lang="EN-US">.</span><span xml:lang="EN-US">&nbsp;In one enterprise use case, we heard about cognitive agents helping to weed out woul</span><span xml:lang="EN-US">d-be phishers</span><span xml:lang="EN-US">&nbsp;before 
the live agent interaction (which in turn, reduced&nbsp;</span><span xml:lang="EN-US">A</span><span xml:lang="EN-US">verage&nbsp;</span><span xml:lang="EN-US">H</span><span xml:lang="EN-US">andling&nbsp;</span><span xml:lang="EN-US">T</span><span xml:lang="EN-US">ime</span><span xml:lang="EN-US">)</span><span xml:lang="EN-US">.&nbsp;</span><span xml:lang="EN-US">When used within internal enterprise processes such as HR, cognitive agents have shown the ability to&nbsp;</span><span xml:lang="EN-US">speed up onboarding processes and reduce security concerns and errors.&nbsp;</span></li> <li aria-setsize="-1" data-aria-level="1" data-aria-posinset="3" data-font="Calibri" data-leveltext="%1)" data-listid="4" role="listitem" style="clear:both;" value="3"> <p paraeid="{9b78324a-34a0-414f-8f50-d39165e1cb40}{24}" paraid="1952619829"><span xml:lang="EN-US"><strong>The success of cognitive agents is more about culture than technology</strong>.&nbsp;&nbsp;</span><span xml:lang="EN-US">An unwillingness to change and let go of past investments is</span><span xml:lang="EN-US">&nbsp;often what is</span><span xml:lang="EN-US">&nbsp;holding back&nbsp;</span><span xml:lang="EN-US">business from experimenting with or successfully implementing cognitive agents</span><span xml:lang="EN-US">. 
When investing in cognitive solutions, some of the primary issues to be addressed are change management, cultural re-alignment</span><span xml:lang="EN-US">&nbsp;and a shift in talent requirements.</span>&nbsp;<span xml:lang="EN-US">Those who have successfully implemented cognitive agents spoke of the need for transparency and being clear about&nbsp;</span><span xml:lang="EN-US">anticipated business outcomes.&nbsp;</span><span xml:lang="EN-US">Business leaders&nbsp;</span><span xml:lang="EN-US">need to be focused on</span><span xml:lang="EN-US">&nbsp;employee impact&nbsp;</span><span xml:lang="EN-US">and demonstrate how cognitive&nbsp;</span><span xml:lang="EN-US">agents&nbsp;</span><span xml:lang="EN-US">can&nbsp;</span><span xml:lang="EN-US">enhance their jobs, not diminish or eliminate them. It is important to place employees, as much as customers, at the center of any digital business transformation</span><span xml:lang="EN-US">&nbsp;to ensure that culture, values, talent</span><span xml:lang="EN-US">&nbsp;and business process expertise are not lost amid</span><span xml:lang="EN-US">st</span><span xml:lang="EN-US">&nbsp;the changes.&nbsp;</span></p> </li> </ol> <p paraeid="{9b78324a-34a0-414f-8f50-d39165e1cb40}{24}" paraid="1952619829"><span xml:lang="EN-US">Bottom line:</span>&nbsp;<span xml:lang="EN-US">Cognitive agent</span><span xml:lang="EN-US">&nbsp;technology is here</span><span xml:lang="EN-US">.</span>&nbsp;<span xml:lang="EN-US">N</span><span xml:lang="EN-US">ow enterprises must find&nbsp;</span><span xml:lang="EN-US">the right&nbsp;</span><span xml:lang="EN-US">business problems and opportunit</span><span xml:lang="EN-US">ies to apply cognitive agents</span>&nbsp;<span xml:lang="EN-US">and develop a culture that aligns</span><span xml:lang="EN-US">&nbsp;employees&nbsp;</span><span xml:lang="EN-US">to these outcomes</span><span xml:lang="EN-US">.</span></p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference 
field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/cognitive-agent" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Cognitive Agent</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/chatbot" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Chatbot</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/automation" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Automation</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/artificial-intelligence-ai" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Artificial Intelligence (AI)</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Thu, 12 Jul 2018 00:42:40 +0000 Melissa O'Brien 1217 at https://www.futureofsourcing.com https://www.futureofsourcing.com/top-3-takeaways-from-hfs-cognitive-agent-research#comments Data, APIs and the Future of Healthcare: Addressing the Connectivity Challenge https://www.futureofsourcing.com/data-apis-and-the-future-of-healthcare-addressing-the-connectivity-challenge <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Data%20Storage%20625x324.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/Data%20Storage%20625x324.jpg" title="Data, APIs and the Future of Healthcare: Addressing the Connectivity Challenge" class="colorbox" rel="gallery-node-1164-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Data%20Storage%20625x324.jpg?itok=jpJAKjdm" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>For <a href="http://outsourcemag.com/procurement-from-theory-to-practice" target="_blank">healthcare providers</a> operating in an increasingly competitive and demanding environment, leveraging technology to analyze data and gain contextualized insight represents the key to success, if 
not survival. To deliver services effectively, providers must have real-time access to detailed information at the point of care. An emergency room physician treating a stroke victim, for example, needs instant access to lab results and the patient&rsquo;s health history to deliver the best treatment. From an operational standpoint, administrators need consolidated, accurate and up-to-date account and insurance information (as anyone who&rsquo;s dealt with healthcare paperwork can attest).</p> <p>But efficient management of basic patient information &ndash; while a formidable challenge in and of itself &ndash; is just the beginning. The healthcare industry faces increasing pressure to demonstrate the effectiveness of wellness programs in improving outcomes and reducing demand for health services. That means providers must assess myriad cause/effect variables and integrate data from a growing number of sources such as smart sensors on medical devices and wearables that continually collect, share and analyze data. And as the market becomes more consumer-centric, patients increasingly demand &ndash; and expect &ndash; seamless digital services and user-friendly apps accessible via mobile devices.&nbsp;</p> <p>These imperatives require aggregating data from multiple sources that include general and specialist practitioners, insurance companies and pharmacies, as well as increasingly sophisticated medical equipment and personal devices. 
Indeed, the world generates an estimated 750 quadrillion bytes of health-related data every day &ndash; a volume that will only grow as <a href="http://outsourcemag.com/artificial-intelligence-whats-now-and-next-in-iot-driven-supply-chain-innovation" target="_blank">Internet of Things (IoT)</a> capabilities take root.&nbsp;</p> <p>In this environment, healthcare providers face the dual challenge of wrapping their arms around the data they already have, while at the same time establishing an operational foundation to support the integration of exponentially growing volumes of new data in the future.&nbsp;</p> <p>Regarding existing data, the reality is that most healthcare providers struggle to meet even basic requirements around managing patient information, accessing data at the point of care and addressing regulator demands. The fundamental issue is a disconnect between internal systems, operational towers and databases. While many industries face the challenge of integrating a wide range of data sources, the problem is particularly acute in healthcare, given its traditional reliance on closed systems and emphasis on patient information security. Too often, healthcare providers struggle to access data from isolated towers that operate as distinct entities, with different standards and inefficient processes. Legacy systems contain vast volumes of unstructured data that, while difficult to access, is essential to managing patient records and delivering care. Mergers and acquisitions compound these issues, as the process of absorbing new entities is ineffective and often fails to deliver the anticipated efficiencies.&nbsp;</p> <p>To address these challenges, healthcare providers today typically deploy teams of programmers to write middleware&nbsp;to connect information silos and integrate legacy systems and new applications. 
The process is arduous, complex and time-consuming, and requires customized connections for each new point of communication, as well as coding and development work for orchestration, security and deployment.&nbsp;</p> <p>Healthcare industry experts increasingly view Application Programming Interface (<a href="http://outsourcemag.com/node/722" target="_blank">API</a>) tools based on open source standards as an effective alternative to this traditional approach. Equipped with preconfigured code snippets that fully define how applications communicate with one another, open source API tools bypass the tedious process of coding connections on a customized, one-off basis, and instead enable plug-and-play connectivity between systems.&nbsp;</p> <p>Despite these advantages, the healthcare industry has been slow to embrace API tools. The main concern is around security &ndash; the idea of seamlessly and easily connecting data from myriad sources intuitively seems risky. Industry studies, however, have found that well-managed APIs are secure, and are in fact more secure than traditional ad hoc and customized interfaces.&nbsp;</p> <p>By enabling access to a wide range of different data sources, APIs can provide the essential foundation healthcare providers need to support the new age of delivery &ndash; one characterized by seamless management of patient information and unprecedented levels of insight driven by continuous and increasingly autonomic data collection and analysis. And, by connecting systems in a controlled, structured and secure manner, APIs can help resolve the fundamental conflict plaguing healthcare information management; namely, the need to reconcile easy access to vast volumes of data with rigorously protected patient information.&nbsp;</p> <p>More specifically, APIs facilitate access to the &ldquo;right&rdquo; data &ndash; data that can yield meaningful insight into operations or patient care. 
This is particularly important to address HIPAA requirements that allow providers access to certain types of data and restrict access to others.&nbsp;</p> <p>In terms of a sourcing and technology partner strategy, healthcare providers should seek API expertise complemented by capabilities around change management, process optimization and Agile methodology. Achieving optimal benefits from API tools requires process improvement, including redesign and the deployment of automation tools.&nbsp;</p> <p>Agile, meanwhile, is characterized by flexibility, responsiveness and engagement with business requirements &ndash; attributes that are essential in today&rsquo;s rapidly evolving healthcare environment.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/data" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Data</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/internet-of-things-iot" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Internet of Things (IoT)</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/application-programming-interface-api" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Application Programming Interface (API)</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/healthcare" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Healthcare</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 09 May 2018 22:07:49 +0000 Jose A. Diaz Infante 1164 at https://www.futureofsourcing.com https://www.futureofsourcing.com/data-apis-and-the-future-of-healthcare-addressing-the-connectivity-challenge#comments Share prices drop 5% after a data breach – so why is protecting information still not seen as a ‘business problem’? 
https://www.futureofsourcing.com/share-prices-drop-data-breach-protecting-information-not-a-business-problem <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/cybersecurity%20625x325.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/cybersecurity%20625x325.jpg" title="Share prices drop 5% after a data breach – so why is protecting information still not seen as a ‘business problem’? " class="colorbox" rel="gallery-node-1017-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/cybersecurity%20625x325.jpg?itok=fG_yu1Qx" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div style="clear:both;"> <p paraeid="{7e876788-91f1-42bf-bb4a-e3d5c533aea1}{68}" paraid="1860244990"><span xml:lang="EN-GB">The&nbsp;</span><span xml:lang="EN-GB">impact of a data breach&nbsp;</span><span xml:lang="EN-GB">sends shock waves</span><span xml:lang="EN-GB">&nbsp;throughout an entire&nbsp;</span><span xml:lang="EN-GB">company</span><span xml:lang="EN-GB">.</span>&nbsp;<span xml:lang="EN-GB">Recent high-profile cybersecurity crises hitting&nbsp;</span><span xml:lang="EN-GB">organisations</span><span xml:lang="EN-GB">&nbsp;including</span><span xml:lang="EN-GB">&nbsp;Equifax,&nbsp;</span><span xml:lang="EN-GB">Wonga</span><span xml:lang="EN-GB">,&nbsp;</span><span xml:lang="EN-GB">Yahoo</span><span xml:lang="EN-GB">,&nbsp;</span><span xml:lang="EN-GB">TalkTalk</span><span xml:lang="EN-GB">&nbsp;and the NHS</span>&nbsp;<span xml:lang="EN-GB">have highlighted the&nbsp;</span><span xml:lang="EN-GB">significant</span><span 
xml:lang="EN-GB">,</span>&nbsp;<span xml:lang="EN-GB">far reaching&nbsp;</span><span xml:lang="EN-GB">consequences</span>&nbsp;<span xml:lang="EN-GB">a&nbsp;</span><span xml:lang="EN-GB">data&nbsp;</span><span xml:lang="EN-GB">breach can&nbsp;</span><span xml:lang="EN-GB">have on</span><span xml:lang="EN-GB">&nbsp;reputation, c</span><span xml:lang="EN-GB">ustomer&nbsp;</span><span xml:lang="EN-GB">trust, share price and company finances.&nbsp;</span><span xml:lang="EN-GB">A&nbsp;</span><a href="https://www.centrify.com/media/4737054/ponemon_data_breach_impact_study.pdf" rel="noreferrer" target="_blank"><span xml:lang="EN-GB">Ponemon</span><span xml:lang="EN-GB">&nbsp;research study</span></a>&nbsp;<span xml:lang="EN-GB">commissioned by&nbsp;</span><span xml:lang="EN-GB">Centrify</span><span xml:lang="EN-GB">&nbsp;has shown</span><span xml:lang="EN-GB">, for example,&nbsp;</span><span xml:lang="EN-GB">that&nbsp;</span><span xml:lang="EN-GB">consumers are&nbsp;</span><span xml:lang="EN-GB">ready t</span><span xml:lang="EN-GB">o walk away from&nbsp;</span><span xml:lang="EN-GB">a company that&nbsp;</span><span xml:lang="EN-GB">fails to&nbsp;</span><span xml:lang="EN-GB">ensure</span><span xml:lang="EN-GB">&nbsp;their privacy</span><span xml:lang="EN-GB">.</span>&nbsp;&nbsp;</p> </div> <div style="clear:both;"> <p paraeid="{7e876788-91f1-42bf-bb4a-e3d5c533aea1}{72}" paraid="1276482548"><span style="font-size: 13.008px;" xml:lang="EN-GB">An astonishing h</span><span style="font-size: 13.008px;" xml:lang="EN-GB">alf of all consumers (51 per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">) have been notified by a company or government body&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">that&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">their personal information&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">has been&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">lost or stolen as a 
resu</span><span style="font-size: 13.008px;" xml:lang="EN-GB">lt of one or more data breaches&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">in the past</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">two yea</span><span style="font-size: 13.008px;" xml:lang="EN-GB">rs.</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">Th</span><span style="font-size: 13.008px;" xml:lang="EN-GB">is has caused serious damage:&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">65 per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;of consumers&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">lost trust in that organisation</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">one in four&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">has&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ended&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">their relationship&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">with the</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;company fo</span><span style="font-size: 13.008px;" xml:lang="EN-GB">llowing a security incident</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.</span></p> </div> <div style="clear:both;"> <p paraeid="{7e876788-91f1-42bf-bb4a-e3d5c533aea1}{136}" paraid="713940637"><span style="font-size: 13.008px;" xml:lang="EN-GB">In addition to&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">t</span><span style="font-size: 13.008px;" xml:lang="EN-GB">arnishing a company&rsquo;s reputation, data breaches hit shareholder value.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">The&nbsp;</span><span 
style="font-size: 13.008px;" xml:lang="EN-GB">Ponemon</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">report found that the stock value index of 113 co</span><span style="font-size: 13.008px;" xml:lang="EN-GB">mpanies declined an average of five per cent</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">the day a breach was disclosed</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, resulting in millions of pounds of losses. They also&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">experienced up to a&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">seven per cent c</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ustomer churn.</span></p> </div> <div style="clear:both;"> <p paraeid="{7e876788-91f1-42bf-bb4a-e3d5c533aea1}{172}" paraid="611525151"><span style="font-size: 13.008px;" xml:lang="EN-GB">With GDPR</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">and mandatory breach notifications&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">on the horizon</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">it has never been more important&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">for</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a company to take adequate steps to secure&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">its&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">data&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&ndash;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;particularly if it&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">is&nbsp;</span><span style="font-size: 13.008px;" 
xml:lang="EN-GB">involved in&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a complex and geographically dispersed supply chain.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">Ponemon&rsquo;s</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;research reveals that most businesses currently lack the understanding and leadership necessary to do this, however.&nbsp;</span></p> </div> <div style="clear:both;"> <h2><strong><span xml:lang="EN-GB">The expectations gap</span></strong></h2> </div> <div style="clear:both;"> <p paraeid="{7e876788-91f1-42bf-bb4a-e3d5c533aea1}{222}" paraid="91291359"><span xml:lang="EN-GB">When it comes to safeguarding their personal information and preventing data loss, consumers&nbsp;</span><span xml:lang="EN-GB">expect companies to take more responsibility&nbsp;</span><span xml:lang="EN-GB">tha</span><span xml:lang="EN-GB">n</span><span xml:lang="EN-GB">&nbsp;they&rsquo;re willing to assume.&nbsp;</span><span xml:lang="EN-GB">Almost&nbsp;</span><span xml:lang="EN-GB">three quarters&nbsp;</span><span xml:lang="EN-GB">of consumers&nbsp;</span><span xml:lang="EN-GB">(73</span><span xml:lang="EN-GB">&nbsp;per cent</span><span xml:lang="EN-GB">) believe organisations have an obli</span><span xml:lang="EN-GB">gation to&nbsp;</span><span xml:lang="EN-GB">control who has access to their personal information, but&nbsp;</span><span xml:lang="EN-GB">less than half&nbsp;</span><span xml:lang="EN-GB">(44 per cent</span><span xml:lang="EN-GB">)&nbsp;</span><span xml:lang="EN-GB">of&nbsp;</span><span xml:lang="EN-GB">IT practitioners</span><span xml:lang="EN-GB">&nbsp;agree.&nbsp;</span>&nbsp;&nbsp;</p> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{15}" paraid="65579836"><span style="font-size: 13.008px;" xml:lang="EN-GB">Consumers have a distinct lack of faith in companies&rsquo; abilit</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ies</span><span 
style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;to meet their expectations. S</span><span style="font-size: 13.008px;" xml:lang="EN-GB">eventy per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;say&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">privacy and security practices are very impo</span><span style="font-size: 13.008px;" xml:lang="EN-GB">rtant to preserving their trust, but only&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">31</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;per cent</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">believe&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">organisations&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">are able</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;at a high level</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;to protect their personal information</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.</span></p> </div> <div style="clear:both;"> <h2><strong><span xml:lang="EN-GB">The C-suite blind spot</span></strong></h2> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{65}" paraid="522097792"><span xml:lang="EN-GB">With so much at stake, d</span><span xml:lang="EN-GB">ata security&nbsp;</span><span xml:lang="EN-GB">has become a</span><span xml:lang="EN-GB">&nbsp;bottom-line concern, and should be elevated to the boardroom.&nbsp;</span><span xml:lang="EN-GB">Senior executives must take the lead on developing and implementing a comprehensive&nbsp;</span><span xml:lang="EN-GB">security strategy&nbsp;</span><span xml:lang="EN-GB">that&nbsp;</span><span xml:lang="EN-GB">protect</span><span xml:lang="EN-GB">s the entire&nbsp;</span><span 
xml:lang="EN-GB">business</span><span xml:lang="EN-GB">&nbsp;and brand</span><span xml:lang="EN-GB">, with a holistic approach that also inc</span><span xml:lang="EN-GB">orporates&nbsp;</span><span xml:lang="EN-GB">the s</span><span xml:lang="EN-GB">upply chain.&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{103}" paraid="609779996"><span style="font-size: 13.008px;" xml:lang="EN-GB">Worryingly, however,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">39</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;per cent</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">of IT practitioners</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">don&rsquo;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">t believe senior level executives</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;take</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;brand protection seriously, while&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">70 per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;do not believe their companies have a high-level ability to prevent breaches</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.</span></p> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{137}" paraid="317137314"><span style="font-size: 13.008px;" xml:lang="EN-GB">IT&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">itself also&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">needs to better understand the link bet</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ween cybersecurity and the wid</span><span style="font-size: 13.008px;" xml:lang="EN-GB">er implications of a breach: 71 per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;of 
I</span><span style="font-size: 13.008px;" xml:lang="EN-GB">T practitioners do not believe that brand protection is their responsibility</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, while only 18 per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;allocate a p</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ortion of their IT security budg</span><span style="font-size: 13.008px;" xml:lang="EN-GB">et to brand preservation</span><span style="font-size: 13.008px;" xml:lang="EN-GB">. Only three per cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;of IT pros are concerned about falling share prices following a breach</span><span style="font-size: 13.008px;" xml:lang="EN-GB">. If this is to change, it needs to be driven from the top.&nbsp;</span><span style="font-size: 13.008px;">&nbsp;&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{175}" paraid="281315535"><span style="font-size: 13.008px;" xml:lang="EN-GB">There are a number of industry best practices a business can follow to&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">protect its i</span><span style="font-size: 13.008px;" xml:lang="EN-GB">mage,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">strengthen its&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">credibility and&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">retain its&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">customer loyalty</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">I</span><span style="font-size: 13.008px;" xml:lang="EN-GB">mproving cy</span><span style="font-size: 13.008px;" xml:lang="EN-GB">bersecurity</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">is essential for&nbsp;</span><span style="font-size: 13.008px;" 
xml:lang="EN-GB">strengthening&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a company&rsquo;s</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">resilience to breaches as well as&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">its&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ability to recover&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">if the worst happens.&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{c084b073-05df-4d1d-b399-9975f7a2dfc6}{223}" paraid="847026587"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Appoint a fully&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB"><strong>dedicated CISO</strong>.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">It&rsquo;s</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;the&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">role of the&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">C</span><span style="font-size: 13.008px;" xml:lang="EN-GB">hief&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">I</span><span style="font-size: 13.008px;" xml:lang="EN-GB">nformation</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">S</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ecurity&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">O</span><span style="font-size: 13.008px;" xml:lang="EN-GB">fficer (</span><span style="font-size: 13.008px;" xml:lang="EN-GB">CISO)&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">to educate&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">senior&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">executives&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">o</span><span style="font-size: 13.008px;" 
xml:lang="EN-GB">n&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">the merits of investing in adequate security defences.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">The ideal candidate will be&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">someone who has an established track record of moving organisations from an immature to a strong security posture</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and who can bring real experience to achieving best practice.&nbsp;</span><span style="font-size: 13.008px;">&nbsp;&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{d103a488-6e65-4f54-b354-7a30c3189cfd}{28}" paraid="426045104"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Invest in security</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">A&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">comprehensive security strategy&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">is central to&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">preventing unauthorised a</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ccess to and disclosure of&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">customer data</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and ensuring the confidentiality, integrity, availability and resilience of systems and services.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">There must be&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">adequate budget</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;allocated to invest in skilled staff and up-to-date security enabling technologies&nbsp;</span><span style="font-size: 13.008px;" 
xml:lang="EN-GB">&ndash;&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">particularly enterprise-wide en</span><span style="font-size: 13.008px;" xml:lang="EN-GB">cryption.</span></p> </div> <div style="clear:both;"> <p paraeid="{d103a488-6e65-4f54-b354-7a30c3189cfd}{68}" paraid="1274015578"><span style="font-size: 13.008px;" xml:lang="EN-GB"><strong>Invest in other resources</strong>.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">Strategic&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">investments in people, process</span><span style="font-size: 13.008px;" xml:lang="EN-GB">es</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and technologies</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">will also p</span><span style="font-size: 13.008px;" xml:lang="EN-GB">rotect the&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">organisation if a breach</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;occurs</span><span style="font-size: 13.008px;" xml:lang="EN-GB">. 
C</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ompanies</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;with a strong security posture are&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">better equipped to respond</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;to a breach event</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;&ndash; and the&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">same&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">report found that organisations in this category saw an average</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">share price decline&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">of no</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;more than&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">three per cent,</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">with t</span><span style="font-size: 13.008px;" xml:lang="EN-GB">he stock value&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">recover</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ing a</span><span style="font-size: 13.008px;" xml:lang="EN-GB">fter</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;only seven days.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">In contrast,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">the stock prices of&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">companies&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">with&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a poor&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">security posture declined&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">as much as seven per 
cent</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">and this&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">lasted on a</span><span style="font-size: 13.008px;" xml:lang="EN-GB">v</span><span style="font-size: 13.008px;" xml:lang="EN-GB">erage&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">more than 90 days. They&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">were&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">also&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">more likely&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">to lose customers.&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{d103a488-6e65-4f54-b354-7a30c3189cfd}{170}" paraid="1867090452"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Plan for the worst.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">Less than a third of IT professionals rate&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">their companies&rsquo; ability to prevent&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">or resolve&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a data</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">breach as high</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">To&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">improve confidence in this area</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">an effective data breach&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">preparedness plan&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">is critical.</span><span style="font-size: 
13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">This should include&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">procedures for communicating with investors</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">and regulators.</span></p> </div> <div style="clear:both;"> <p paraeid="{d103a488-6e65-4f54-b354-7a30c3189cfd}{218}" paraid="1869472025"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Build a culture of security awareness.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">Effective t</span><span style="font-size: 13.008px;" xml:lang="EN-GB">raining and awareness programmes</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;will&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">reduce employee negligence by&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">increasing their understanding of the&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">risks and threats posed by cyberattacks</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, and ensure&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">everyone is working together to protect against potential infiltrators</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.</span><span style="font-size: 13.008px;">&nbsp;&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{d103a488-6e65-4f54-b354-7a30c3189cfd}{248}" paraid="1750911255"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Undertake r</span><span xml:lang="EN-GB">egular security vulnerability audits</span><span xml:lang="EN-GB">.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">R</span><span style="font-size: 13.008px;" xml:lang="EN-GB">egular assessments w</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ill&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ensure that 
any&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">security holes</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;in a computer, network, or communications infrastructure are identified</span><span style="font-size: 13.008px;" xml:lang="EN-GB">. M</span><span style="font-size: 13.008px;" xml:lang="EN-GB">easures can then be taken to address them</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and guard against&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">future breaches.</span></p> </div> <div style="clear:both;"> <p paraeid="{5a9bd6a3-2364-47b2-800d-a565fdc94d14}{27}" paraid="1217110791"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Incorporate policies and assessments for managing</span><span xml:lang="EN-GB">&nbsp;third-party risk</span><span xml:lang="EN-GB">.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">A</span><span style="font-size: 13.008px;" xml:lang="EN-GB">n identity and access management (IAM) system is a good start</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ing</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;point</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;to audit and categorise&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">who has access to what data and when</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">exercise control over who sees what.</span></p> </div> <div style="clear:both;"> <p paraeid="{5a9bd6a3-2364-47b2-800d-a565fdc94d14}{59}" paraid="689630263"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Collaborate&nbsp;</span><span xml:lang="EN-GB">across silos.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">I</span><span style="font-size: 13.008px;" xml:lang="EN-GB">nternal 
teams&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">must&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">focus on the bigger picture and&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">open up&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">more&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">clear</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;channels of communication&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">across lines of business</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, working together to&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">determine data&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">security priorities</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">CMOs and their teams are a vital component in incident response plans, for example.</span><span style="font-size: 13.008px;">&nbsp;&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{5a9bd6a3-2364-47b2-800d-a565fdc94d14}{101}" paraid="1263643513"><strong style="font-size: 13.008px;"><span xml:lang="EN-GB">Participa</span><span xml:lang="EN-GB">te in threat sharing programmes.&nbsp;</span></strong><span style="font-size: 13.008px;" xml:lang="EN-GB">S</span><span style="font-size: 13.008px;" xml:lang="EN-GB">imilar organisations can often be targeted by the same threat</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, so taking&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">part in a threat sharing programme</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">with partners and companies you trust offers a better and often faster way to detect attacks</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" 
xml:lang="EN-GB">It also&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">helps you avoid d</span><span style="font-size: 13.008px;" xml:lang="EN-GB">oing work that has already been carried out by someone else.&nbsp;</span></p> </div> <div style="clear:both;"> <p paraeid="{5a9bd6a3-2364-47b2-800d-a565fdc94d14}{133}" paraid="303772963"><span style="font-size: 13.008px;" xml:lang="EN-GB">Data breaches have become common</span><span style="font-size: 13.008px;" xml:lang="EN-GB">place</span><span style="font-size: 13.008px;" xml:lang="EN-GB">, and</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">are a business problem with serious consequences.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">The C-</span><span style="font-size: 13.008px;" xml:lang="EN-GB">s</span><span style="font-size: 13.008px;" xml:lang="EN-GB">uite needs to be actively engaged in defending a company&rsquo;s reputation and value by addressing&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">how information is used and secured.</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">Without strong</span><span style="font-size: 13.008px;">&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">leadership,&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">there will continue to be a d</span><span style="font-size: 13.008px;" xml:lang="EN-GB">isconnec</span><span style="font-size: 13.008px;" xml:lang="EN-GB">t between the priorities of&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">organisations and their customers</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;and&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">a&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">lack of clarity over who is responsible for 
protecting customer data</span><span style="font-size: 13.008px;" xml:lang="EN-GB">.&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">T</span><span style="font-size: 13.008px;" xml:lang="EN-GB">he outcome will be lost&nbsp;</span><span style="font-size: 13.008px;" xml:lang="EN-GB">custom</span><span style="font-size: 13.008px;" xml:lang="EN-GB">ers and m</span><span style="font-size: 13.008px;" xml:lang="EN-GB">illions being wiped of</span><span style="font-size: 13.008px;" xml:lang="EN-GB">f</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;share prices</span><span style="font-size: 13.008px;" xml:lang="EN-GB">,</span><span style="font-size: 13.008px;" xml:lang="EN-GB">&nbsp;with no hope of a quick recovery.</span></p> </div> <p>&nbsp;</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/cybersecurity" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Cybersecurity</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/data-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Data Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/information-technology-it" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Information Technology (IT)</a></div></div></div>
<div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Fri, 06 Oct 2017 03:10:45 +0000 Andy Heather 1017 at https://www.futureofsourcing.com Brexit splits UK businesses over data law https://www.futureofsourcing.com/node/691 <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Chris-Cope-Dec-2015-3-624x325%20%281%29.jpg"><a
href="https://www.futureofsourcing.com/sites/default/files/articles/Chris-Cope-Dec-2015-3-624x325%20%281%29.jpg" title="Brexit splits UK businesses over data law" class="colorbox" rel="gallery-node-691-eE8Q4LAZGQg"><img typeof="foaf:Image" src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Chris-Cope-Dec-2015-3-624x325%20%281%29.jpg?itok=6PjlHtCE" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/node/702">Of exit and Brexit</a></div><div class="field-item odd"><a href="/node/695">Will the UK save £1.6bn on procurement after Brexit?</a></div><div class="field-item even"><a href="/node/673">Brexit: more March Madness</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>As Brexit slowly begins to become a reality, there are worrying signs that British businesses are cancelling vital data protection reforms - in the mistaken hope that rules will change once the UK has left Europe.</p> <p>The UK vote to trigger Article 50 came shortly after politicians across the continent ratified the EU General Data Protection Regulation (GDPR), following years of negotiations. This legislation, which has been in the pipeline for the best part of a decade, is designed to harmonise data protection regulation throughout Europe and provide citizens with more control over their personal data. 
It has been backed by the UK and is due to come into force in May 2018 – almost certainly before Britain completes its exit from Europe.</p> <p>Despite that fact, all the signs are that businesses across the country are delaying, postponing or even cancelling preparations in a mistaken belief that the regulation may not apply once Britain has finally left Europe.</p> <p>At Crown Records Management we commissioned a survey to poll IT decision-makers at UK companies with more than 100 employees, looking at attitudes to the forthcoming regulation. It produced some very uncomfortable results and showed, for example, that:</p> <ul> <li> 24 per cent have cancelled all preparation for the regulation.</li> <li> A further 4 per cent have not even begun preparation.</li> <li> 44 per cent think the regulation will not apply to UK business after Brexit.</li> </ul> <p>Some of those figures should come as a shock to the business world – especially those in outsourcing where keeping track of data is an extra challenge - and act as a wake-up call. However, the survey showed wide differences in results across different sectors and different regions – indicating that Britain is pretty confused about how to respond to the new regulations.</p> <p>For example:</p> <ul> <li> The number of businesses cancelling preparations was as high as a third in the banking sector.</li> <li> But in the insurance sector – and in the legal sector - not a single respondent had cancelled preparations. 
For those in the pharmaceutical sector it was only 4 per cent.</li> <li> As many as 55 per cent in banking think the regulation will not apply to UK businesses after Brexit.</li> <li> This figure was only 15 per cent for those in insurance.</li> </ul> <p>This picture was played out across the country with vast differences in how different regions are preparing:</p> <ul> <li> In Birmingham and in Norwich half of those polled had cancelled preparations for the EU General Data Protection Regulation because of Brexit.</li> <li> But in Sheffield nobody said they had cancelled preparations.</li> <li> In Belfast a massive 79 per cent believed the EU GDPR would not apply after Brexit.</li> <li> In Sheffield the figure was only 15 per cent.</li> </ul> <p>These variations may be of particular concern when services are outsourced but they should be a worry for every type of business in every sector.</p> <p>It’s good to see many businesses are aware of the importance of keeping up with new legislation and are on top of updating their data protection policies. But for so many to be cancelling preparations is a problem because this regulation is going to affect them all in one way or another. Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens.</p> <p>When you consider how many EU citizens live in the UK it’s hard to imagine many businesses here being unaffected - especially in the outsourcing industry. It is important to understand first of all that the underlying principles of the EU General Data Protection Regulation have not been questioned by the UK – in fact UK officials and politicians were heavily involved in the drawing up of the new regulation and we have some of the most stringent data regulation in the world here already. 
The reality is we are likely to continue to see stringent data protection in an independent UK rather than a watered-down version.</p> <p>In fact our survey revealed that at least half of companies saw Brexit as an opportunity for Britain to position itself as the safest place to do business through even more robust legislation. So there is certainly a possibility that the data protection future in the UK will be even more heavily regulated. This means the best course for every business is to prepare now and have a watertight information management system in place as soon as possible. This issue is not going away and to ignore it and hope that Brexit will somehow absolve companies from requiring watertight information management policies is a mistake.</p> <p>The new regulation will bring in huge new fines for data breaches – as high as 20 million euros or up to 4 per cent of global turnover for the most serious offences – and that should be enough to focus minds. There will also be strong guidance on how quickly a breach should be reported and a heavy emphasis on providing citizens with greater control over their personal data. Businesses need to consider now whether they know what data they are holding, where it is and how easy it will be to edit or delete – and Brexit is not going to save them from that responsibility.</p> <p>There was <em>some</em> good news from the Crown Records Management Survey, however. It also revealed that:</p> <ul> <li> 70 per cent of businesses with more than 100 employees have already appointed a data protection officer, one of the requirements of the EU GDPR.</li> <li> Half have introduced staff training and only 4 per cent do not plan to.</li> <li> 72 per cent have reviewed data protection policies.</li> <li> 44 per cent have undertaken an information audit.</li> </ul> <p>These are important statistics, particularly when it comes to staff training because a vast majority of data breaches are down to human error. 
But the overall picture is that many businesses are holding back on preparations for the EU General Data Protection Regulation – and that should be addressed. For British businesses to thrive in the new data era, there is no room for confusion: having a robust data protection and information management system in place is absolutely vital.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/brexit" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Brexit</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/politics" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Politics</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/data-analytics" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Data Analytics</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/law" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Law</a></div></div></div>
<div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/europemiddle-eastafrica" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Europe/Middle East/Africa</a></div></div></div> Thu, 04 May 2017 15:30:43 +0000 John Culkin 691 at https://www.futureofsourcing.com Getting smart with migration https://www.futureofsourcing.com/node/809 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>Large organisations face very similar IT challenges. Regardless of industry, they need to continually innovate, increase profits, decrease costs and drive efficiencies throughout their operations.</p> <p>Considering that as much as 80 per cent of an organisation&rsquo;s IT spend goes towards maintaining systems and infrastructure, it&rsquo;s no surprise that many business leaders are looking to migrate their IT foundations to more functional, up-to-date technologies.</p> <p>It is widely acknowledged that IT Service Management (ITSM) is pivotal to any business&rsquo;s success, continuity and competitiveness. 
However, with an expected lifespan of five years, we see that many businesses think they have the correct solutions in place, but behind the scenes they are struggling with legacy ITSM systems that are either out-dated or not fit for purpose.</p> <p>Considering this, it&rsquo;s not surprising that approximately 38 per cent of migration projects fail, leading to serious disruption of services and unnecessary stresses and costs.</p> <p>Upgrading ITSM is not easy, and the big question is how to find a way to ensure business continuity throughout a migration project with a guarantee of zero disruption to mission-critical services.</p> <p><strong>If it&rsquo;s not broken, why fix it?</strong></p> <p>Large organisations that have been in business for more than twenty years typically depend on a complex mix of old and new technologies across their operations. While many of these older technologies still perform the task at hand, they&rsquo;re hampering many businesses from embracing the latest digital technologies.</p> <p>The complex mix of ITSM systems currently found in most large businesses is the result of years and years of mergers and acquisitions. Each M&amp;A deal brings in another ITSM system, so businesses are left with two or more legacy systems which can never integrate properly and add additional complexity and duplication.</p> <p>Business leaders agree: nine out of ten IT heads claim legacy systems are preventing them from harnessing the digital technologies required to grow and become more efficient (according to Vanson Bourne).</p> <p>The complexity of legacy ITSM tools means that many organisations are reluctant to make changes. Each product or service they support is generally assisting to maintain the SLA through hundreds &ndash; if not thousands &ndash; of applications and systems, processes and components. A small change to one system component can have a huge knock-on effect across the business. 
However, with smaller, more nimble companies increasingly winning market share, large cumbersome organisations are looking at ways to re-invent their ITSM foundations in support of future digital initiatives.</p> <p><strong>Re-invent the foundations</strong></p> <p>Organisations typically face three options when evaluating an ITSM modernisation project:</p> <p>1. Do nothing, and continue to manage the existing ITSM infrastructure<br />2. Rip out and replace the entire ITSM infrastructure<br />3. Migrate to the latest and best ITSM architecture included in Gartner&rsquo;s Magic Quadrant for ITSM tools</p> <p>Considering the opportunities presented by the digital world we now live in, companies cannot afford to do nothing. In addition, bulldozing the entire infrastructure and starting again is costly, and highly likely to cause considerable downtime and disruption to services. However, by working with a partner and migrating towards a modern digital architecture, organisations can ensure mission-critical services remain up and running &ndash; with no disruption.</p> <p><strong>Three success factors</strong></p> <p>Any large-scale ITSM migration project must offer organisations a guarantee of zero-downtime, total business stability and no disruption to client services. Achieving this is difficult without the right partner in place.</p> <p>Businesses looking to migrate their legacy infrastructure should consider three core competencies in any partner.</p> <p><em>1. Project management</em><br />A dedicated project management team &ndash; available 24/7 &ndash; should lead on any migration project. They should take full accountability of the project&rsquo;s success, overseeing and ensuring a full migration path is in place (supported by robust SLAs that keep the project on track). They must also demonstrate proven success in delivering large-scale migration projects. 
Ideally, it should help businesses benefit from nearshoring development and project management services to reduce costs.</p> <p>It is also vital that the project management team follows ITIL or IT4IT disciplines.</p> <p><em>2. The right tools</em><br />Any partner must also demonstrate specific technical expertise in facilitating market-leading ITSM toolsets, such as ServiceNow, Remedy or HP Service Manager.</p> <p>There is much to consider for any business taking on the ITSM migration challenge, including: incident generation tools, reporting databases, CMDBs and integration implementation. There also needs to be a handshake exchange between the existing ITSM and external ITSMs to cover incidents, regular upgrades and changes, and problem and service catalogs. Native and non-native communication can be easily overcome by using the right qualified IPAAS component.</p> <p>It should also have its own partnerships with major software and hardware vendors in place.</p> <p><em>3. The right deliverables with the correct procedures</em><br />The right partner will also have its own understanding of project deliverables and procedures to help keep projects on budget and generating expected results.</p> <p>The essence is years of experience and fine-tuning of project methodologies, an experience that many existing in-house teams would be missing out on, while an external project team should integrate and work very closely with the operations team and account management.</p> <p>The best results, based on years of refining best practice, come from splitting the project into the following deliverables:</p> <p>&bull; Data model exports and onboarding<br />&bull; User acceptance testing<br />&bull; Reporting modules<br />&bull; CMDB<br />&bull; External integration implementations for incident, problem, change and catalogue.<br />&bull; Asset management<br />&bull; Self-service portals<br />&bull; Incident generation via sys/app monitoring<br />&bull; IPAAS service for situations where 
endpoints cannot talk natively.</p> <p>By choosing the right partner, companies can expect:</p> <ul> <li><em>Secure migration:</em>&nbsp;zero disruption to existing services &ndash; no impact on customers.</li> <li><em>Budget optimisation:</em>&nbsp;reduce operating costs by migrating legacy infrastructures by X per cent.</li> <li><em>Security:</em>&nbsp;data remains secure and always available throughout the migration process. No loss!</li> <li><em>Improved service:</em>&nbsp;talented, qualified and experienced staff, alongside the highest partner accreditations and delivery methods (ITIL, PMP, PRINCE2, and Six Sigma) deliver an enhanced service.</li> <li><em>Measurement:</em>&nbsp;robust SLAs and KPIs keep migration projects on track and under budget.</li> </ul> <p><strong>Conclusion</strong></p> <p>Staying ahead of competitors is not easy. It requires the ability and agility to seize emerging opportunities. By moving away from older and legacy ITSM systems to a more contemporary and flexible business model, companies will be better poised to seize future opportunities within budget and at a reasonable expense.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/migration" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Migration</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/transformation" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Transformation</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/strategy" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Strategy</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item 
even" rel="dc:subject"><a href="/tags/technology" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Technology</a></div></div></div> Mon, 24 Oct 2016 18:33:41 +0000 Daniel Olsson 809 at https://www.futureofsourcing.com https://www.futureofsourcing.com/node/809#comments Getting multiple suppliers to work together https://www.futureofsourcing.com/node/805 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p><em>Multi-supplier service is all the rage, together with its linking agent Service Integration and Management (SIAM). Wonderful in theory... How does one practically get multiple parties to collaborate towards a common end?</em></p> <p>It was recognised early in the development of multi-supplier models that there needed to be a unifying agent. 
A great deal of time and effort went into the development of new operating models, associated structures and contractual mechanisms. Some of the measures proposed have been found to be inadequate. This is not to say that the efforts have been wrong, just that the task is enormous. The implication is that any CIO staking a career on its delivery had best tread with caution and regard what they are told with scepticism.</p> <p>&ldquo;End-to-end&rdquo; in itself can have several perspectives, commonly including customer journey, ITIL process and service lifecycle. Successful performance requires coherence across all.</p> <p><strong>Outcomes Sought</strong></p> <p>An article such as this can look only generically. Your organisation will have its own drivers and priorities. The most commonly encountered drivers that require immediate action are:</p> <ul> <li>the expiry of current sourcing arrangements; and</li> <li>a financial crisis requiring a significant change in the way things are done.</li> </ul> <p>Commonly desired business outcomes of service model change include:</p> <ul> <li>Move faster, capture benefit sooner</li> <li>Achieve more for a given level of resource, make better choices</li> <li>Optimise risk</li> </ul> <p>To be meaningful within your context and specific to your environment, these high-level objectives need to be driven down to much lower levels so that they become measurable and can be put into action. 
The outcomes that good levels are likely to contribute to include:</p> <ul> <li>Reduced friction and management cost for coordination efforts, including management time</li> <li>Faster implementation of change and higher success rates</li> <li>Productive improvement across the supply chain</li> </ul> <p>Absent effective collaboration, symptoms include:</p> <ul> <li>Multiple and protracted arguments concerning who is responsible for implementing aspects of a decision and who is to pay what</li> <li>Lack of clarity of impact to be expected from change and glacial decision-making</li> <li>Service failures are frequent, the reasons are not clear and the action to be taken to stem them is unknown</li> <li>Information does not flow effectively between parties; it is slow and insufficient</li> </ul> <p>There is no one simple action that can be taken to fix this. Many and coordinated measures need to be taken in a coherent manner. This is hardly surprising as there are many parties, each with many aspects to direct with approaches developed over time and divergent interests. The elements are so inter-dependent that it is rightly known as a &ldquo;complex&rdquo; problem.</p> <p><strong>Levers Available</strong></p> <p>The greatest volume of discussion has been heard in the areas of contract and structure. Research by McKinsey that led to the production of the&nbsp;<a data-mce-="" href="http://tompeters.com/2011/03/a-brief-history-of-the-7-s-mckinsey-7-s-model/" target="_blank">7S framework</a>&nbsp;pointed to wider considerations also being necessary. The 7S model and levers below are based on the theory that for an organisation to perform well, these seven elements need to be aligned and mutually reinforcing. 
So, the model can be used to help identify what needs to be realigned to improve performance, or to maintain alignment (and performance) during other types of change:</p> <p><em>Contract, Commercial Management</em><br />The contractual terms have to be consistent with the agreement that the parties wish to implement.&nbsp;Initial experiments focused on strong &ldquo;collaboration agreements&rdquo; with obligations and sanctions applied to each supplier based on overall performance. These have been progressively weakened as suppliers complained they were being held accountable for the failings of others. They are now generally as robust as a wet paper bag.&nbsp;Recent examples seen have used &ldquo;principles&rdquo; for collaboration and joint working together with individual suppliers&rsquo; obligations and standards for interchange. Think of the contract as up to 20% of what you need to address: big, vital, but not the whole story.&nbsp;The time taken to complete major contract change can be months, so these are not at all flexible.</p> <p><em>Incentives</em><br />Contracts frequently have aspects that address incentives, be it reward or censure. These can be useful and are important to get right. High-stakes incentives can have perverse consequences and should be used with caution. Creative incentives can include elements such as speaking on behalf of a supplier. This can be immensely valuable for the supplier when the message is positive, having a strong influence on their ability to win other business.</p> <p><em>Charm, Cajole (and Other Behaviours)</em><br />It is cheap to deploy, sensitive to situation and infinitely flexible. Its application takes skill. Its success relies upon the making of promises to satisfy the real needs and desires of the other. This is predicated upon listening hard enough to discern what they are.&nbsp;Persuasion can be delivered both directly and creatively. 
I can quietly let your boss know that attention lapsed to gain your concentration next time.&nbsp;People are remarkably sensitive to behaviours, particularly where there is inconsistency between what is said and what is done. The example set by those in a position of influence (consciously or otherwise) is most important. They can praise and nudge to obtain the required state &ndash; or ignore it and face the consequences.</p> <p><em>Issue Resolution, Drive</em><br />There is a great deal of work to be done to drive implementation and sustain performance through continual improvement. Part of the coordination role is to pick up on issues and drive them to resolution. This requires skills in those occupying a position in which they look end-to-end and ensure that where obstacles are encountered, they are overcome. Those who perform it with talent and integrity earn high levels of trust from all. It is the embodiment of working in the overall interest of the customer.&nbsp;If issues are important, known and remain un-resolved, they will drag down performance of the system and demotivate performance.</p> <p><em>Process, Procedure, Policy, Standard,&nbsp;OLA</em><br />Dull but vital.&nbsp;These formal mechanisms are the life-blood of predictable daily operations. The key role to get right is the Process Owner who looks end-to-end at the process&rsquo;s effectiveness and brings the parties together to drive improvement (see &#39;Issue Resolution&#39; above).&nbsp;OLAs (operating level agreements) are useful to support the low-level interactions that occur many thousands of times. Operational people get these as a great boon to mutual support and cooperation. Commercial types are frequently terrified of additional obligations. Standards (including architecture, security) are vital for coordination. 
Keep these clean and recognise that when you change them, there may well be a cost.&nbsp;These are only of value if it is&nbsp;<a data-mce-="" href="http://www.oareborough.com/insights/why-do-good-people-make-bad-calls-in-a-crisis/" target="_blank">ensured that people work to them</a>.</p> <p><em>Tooling</em><br />Invariably a source of great pain. Customers, never having had to think about it, neglect the cost, the time to get it properly configured, and the low-level data definition that is required to get organisations to exchange data effectively. Neglect this at your peril!&nbsp;Customers realise that there are some coordinating assets over which they simply have to retain control, but they can still hire an expert to help them deliver.</p> <p><em>Organisation / Structure</em><br />The arrangement and relationship between components of the overall structure, their relative roles and responsibilities can be depicted on easily comprehensible PowerPoint pictures. It is useful to get this right. Most overstate its significance in sustaining success.&nbsp;Of greater importance is the capability of the organisations and their interactions to realise the requirements imposed upon them by the chosen model. It is in this area that problems occur. Structure is easy to model. Organisation requires work and consistent application to be realised.</p> <p><em>Measurement, Management, Reporting</em><br />Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.&nbsp;This activity is typically structured in accordance with the governance levels it supports. 
The trick is to ensure that the right questions are asked (see&nbsp;<a data-mce-="" href="http://www.oareborough.com/insights/asking-the-right-questions/" target="_blank">here</a>&nbsp;and&nbsp;<a data-mce-="" href="http://www.oareborough.com/insights/numbers-numbers-everywhere/" target="_blank">here</a>), so that the measurements reported provide the insight and guidance required by governance to act intelligently. This requires a high degree of skill and intelligence in key roles.</p> <p><em>Strategy, Goals</em><br />Strategy is the plan or approach by which goals are achieved. Where articulated, clear and shared it is an essential means of leadership. It supports intelligent resource allocation and holding people to account for its achievement. Strategy is stable, tactics are situational and change over time.&nbsp;Strategy is an element of planning. This then has to be executed in action. A plan, however elegant, that cannot be realised effectively, is a bad one.</p> <p><em>Vision, Values</em><br />These are vital elements of leadership. They have a strong influence on behaviour. They are intangible and sit above transactions. The way that those transactions are performed can be consistent or inconsistent with the vision or values. As such, it is worthwhile working them out and stating them in the contract and elsewhere. Leaders should make frequent reference to them and guide behaviour accordingly. They have a role in the selection of suppliers; those who have incompatible values or a vision of domination have no place in multi-supplier operations. Hire one, and you will have grief for years.</p> <p><em>Skills, Staff</em><br />Once a contract has been defined, there is a challenging on-going task to hold parties to account for performance of the obligations. Many struggle with this. It requires the customer to have managers at least as talented and energetic as those of the suppliers. 
Most common areas of challenge are issue resolvers, commercial and financial managers.</p> <p>Integration is all about the coherent marshalling of many components towards a shared end. This cannot be done by working on elements in isolation. The capabilities required are frequently under-estimated, undermining the success of the venture. This does not make the multi-supplier model a bad one, just unsuitable for those who will not face up to the dependencies. The levers are principally soft and behavioural. They are however immensely powerful and difficult to wield well.</p> <p>&ldquo;I came to see in my time at IBM that culture isn&#39;t just one aspect of the game: it&nbsp;<em>is</em>&nbsp;the game.&rdquo; -&nbsp;Lou Gerstner.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/contract" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Contract</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/law" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Law</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/risk" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/strategy" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Strategy</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/supplier-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/multisourcing" typeof="skos:Concept" 
property="rdfs:label skos:prefLabel" datatype="">Multisourcing</a></div></div></div> Wed, 12 Oct 2016 18:12:43 +0000 William Hooper 805 at https://www.futureofsourcing.com The General Data Protection Regulation: Key implications for UK outsourcing https://www.futureofsourcing.com/node/787 <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://www.futureofsourcing.com/sites/default/files/articles/Chris-Cope-Dec-2015-1-624x325.jpg"><a href="https://www.futureofsourcing.com/sites/default/files/articles/Chris-Cope-Dec-2015-1-624x325.jpg" title="The General Data Protection Regulation: Key implications for UK outsourcing" class="colorbox" rel="gallery-node-787-eE8Q4LAZGQg"><img typeof="foaf:Image" 
src="https://www.futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Chris-Cope-Dec-2015-1-624x325.jpg?itok=K2iZSrOQ" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">From 25 May 2018, a new European General Data Protection Regulation (the &ldquo;GDPR&rdquo;) will apply and change the rules applicable to businesses that process &ldquo;personal data&rdquo; such as customer and employee data. Organisations will need to consider implementing new procedures in order to comply. The new rules will impose more stringent requirements on organisations and strengthened rights for individuals, with the risk of substantial fines for non-compliance. We set out some of the key changes and implications for outsource providers and their customers from a UK perspective.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><strong>New, harmonised rules for Europe</strong></p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">The GDPR is an EU regulation which will replace the existing EU Data Protection Directive - on which the current UK Data Protection Act 1998 (DPA) is based - and impose new data protection rules across the EU and beyond. 
In theory, the GDPR will introduce one set of data protection standards which apply in a largely uniform manner across all EU countries.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><strong>Applicable in the UK?</strong></p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">It appears likely at this stage that the GDPR will apply in the UK for some time until Brexit negotiations are completed and that the GDPR will therefore replace the DPA. Even if the UK does leave the EU, it is likely the GDPR will be replaced with alternative equivalent legislation. In addition, many UK businesses would continue to fall within scope because of its broad territorial application.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><strong>Data processors now caught</strong></p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">A notable feature of the GDPR is that both data controllers (such as employers in respect of their employee data) and data processors (those who process data on behalf of employers, such as outsource providers) will be subject to binding legal obligations. 
Consequently, for those dealing with clients&rsquo; personal data as an outsourced processor, the legal framework is set to become more onerous.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><strong>Key changes</strong></p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">The new requirements will bring several key changes to the outsourcing industry.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>New legal requirements for data processors.&nbsp;</em>Data processors (which are not currently subject to the UK DPA) will need to comply with certain requirements of the legislation and the legal risk will not sit solely with data controllers. For the first time, outsource companies in their capacity as data processors will be liable to fines and to compensate individuals in the case of their non-compliance.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>Data protection officers.</em>&nbsp;Businesses (whether data controllers or data processors) will need to appoint a data protection officer (DPO) with &ldquo;expert&rdquo; knowledge of data protection law and practice, if their core activities consist of:<br />&bull; regular and systematic monitoring on a large-scale; or<br />&bull; processing on a large-scale of sensitive personal data and personal data relating to criminal convictions and offences.<br />DPOs are granted protected status because of the nature of their role. 
They must be allowed to perform their duties independently and must not be dismissed or penalised simply for doing their job.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>New mandatory notification requirement.</em>&nbsp;Notification of personal data breaches (breaches of security leading, for example, to accidental loss or unauthorised disclosure) will become mandatory in certain circumstances. Data controllers will have to notify all breaches to the regulator within 72 hours (unless the breach is unlikely to result in risk to individuals). Breaches which pose a high risk to the rights and freedoms of individuals will also need to be reported to the affected individuals, unless steps have been taken to encrypt the data or otherwise minimise the risk. The rules will require data processors to notify data controllers of any breach without undue delay after becoming aware of a breach.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>New penalties.&nbsp;</em>Outsource providers will be at risk of fines going forward and, in addition, the maximum fine for some breaches will increase to EUR 20 million or 4% of annual worldwide turnover in the previous year, whichever is higher. 
This is significantly higher than the current maximum penalty in the UK of &pound;500,000.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>Registration to be replaced with accountability.&nbsp;</em>The existing notification regime, whereby data controllers register with the regulator (in the UK, the Information Commissioner&rsquo;s Office) and pay a fee, will be replaced with an &ldquo;accountability principle&rdquo; which will require those dealing with personal data to take more proactive compliance steps.&nbsp;In particular, data controllers will be required to adopt internal policies and compliance procedures that demonstrate compliance with the requirements and update them where necessary.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>Record-keeping.</em>&nbsp;Both data controllers and data processors will need to document their data processing activities and make their records available to the regulator upon request (some organisations with fewer than 250 employees will be exempt from this requirement).</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>Risk assessments.&nbsp;</em>Data controllers will be required to have an eye to privacy issues at the onset of processing and implement data protection safeguards into projects by design and by default. Where processing carries a high risk, data controllers will need to conduct risk assessments known as &ldquo;Privacy Impact Assessments&rdquo; (or PIAs) and consult with the regulator before starting the processing. 
Time for such project-shaping assessments and discussions will need to be built into project timetables, particularly for riskier projects, for example those involving large volumes of health personal data.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><em>Sub-contractors and overseas transfers.&nbsp;</em>Sub-contracting will be a particular area of risk for outsource providers, as they will remain fully liable to the data controller for the performance of the sub-processor&rsquo;s obligations. If the sub-processor is based outside the European Economic Area, the data processor will need to have regard also to the overseas transfer restrictions &ndash; which are broadly similar to those in the DPA but now apply to data processors as well as data controllers.</p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;"><strong>Preparing for implementation</strong></p> <p style="line-height: 1.714285714; margin-top: 0px; margin-bottom: 1.714285714rem; color: rgb(68, 68, 68); font-family: 'Open Sans', Helvetica, Arial, sans-serif; font-size: 14px;">Outsource providers still have just under two years to assess the operational and legal impact of the GDPR on their businesses and make adjustments where required. The ICO has published guidance on its website which aims to help businesses prepare.
When negotiating new contracts, both providers and their clients will also need to consider how they will appropriately allocate the additional risk and costs of increased compliance.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/security" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Security</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/law" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Law</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/contract" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Contract</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/brexit" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Brexit</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/data-protection" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Data Protection</a></div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/europemiddle-eastafrica" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Europe/Middle East/Africa</a></div></div></div> Mon, 12 Sep 2016 17:37:08 +0000 Beverly Flynn 787 at https://www.futureofsourcing.com