Posted

In previous blogs in September/October 2011 (Supplier Selection; Contract Negotiations; Relationship Management) I offered practical tips on how to manage and mitigate some of the risks that arise throughout the life cycle of a typical outsourcing. These risks may arise during the supplier selection process, in the course of contract negotiations or during the implementation and day to day operation of the outsourced services. In this final chapter on managing risks in outsourcing I will focus on exiting from an outsourcing contract.

The exit from an outsourcing deal gives rise to a variety of different risks for a customer, particularly an exit following termination due to the supplier’s default or termination for convenience by the customer.

Common risks which you may face as a customer upon exiting an outsourcing contract include:

Posted

An effective pricing model is a foundational component for long-term success in an outsourcing relationship. Success or failure in a relationship can often be traced in part to the wisdom, or lack thereof, of the pricing model. A good pricing model will create predictability while serving to align interests, allocate risk, and manage expectations on both sides. A misguided one can foster mutual mistrust and lead to mismatched incentives, inefficiency, and unpredictable expenditures.

Given their importance to a successful outsourcing arrangement, it’s no surprise that industry pricing models continue to evolve. Stephanie Overby recently wrote on CIO.com about 4 new IT outsourcing pricing models; these include gain-sharing, incentive-based, consumption-based, and shared risk-reward pricing. While the nomenclature for pricing models may have taken a while to catch up, these “new models” have been in practice in some form for a number of years and may be more aptly construed as evolutions of existing models.

Here’s a quick run-through of a few of the traditional pricing models:

Posted

Back in 1999 Kevin Ashton, the British technology pioneer and cofounder of the Auto-ID Center at MIT (creators of the global standard system for radio-frequency identification (RFID)), coined the term, the Internet of Things, to describe “uniquely identifiable objects (things) and their virtual representations in an internet-like structure.” Put simply, the Internet of Things refers to networks of everyday objects such as phones, cars and household appliances which are wirelessly connected to the internet through smart chips, and can collect and share data.

Now, well over a decade later, the European Commission has issued an online questionnaire which seeks views on the future regulation of the Internet of Things. The Commission sees both opportunity and threat from the exponential growth of interconnected networks, with 50 billion wirelessly connected devices predicted by 2020: “The Internet of Things holds the promise of significant progress in addressing global and societal challenges and to improve daily life. It is also a highly promising economic sector for sustainability, growth, innovation and employment. But it is likely to have a profound impact on society, in areas like privacy, security, ethics, and liability.”

Predicting a future where everyday objects are linked, the Commission has started to gather views on how best to design and shape a regulatory framework which operates in an open manner, enabling a level playing field, whilst ensuring an adequate level of control over the connected devices gathering, processing and storing information. Views on privacy, safety and security, security of infrastructure, ethics, interoperability, governance and standards are sought. Responses to the questionnaire are requested by 12 July 2012. The Commission’s recommendation on the Internet of Things is expected to be published by summer 2013.

Posted

India’s recent demand for European Union designation as a data secure country (see our blog) has brought the issue into the spotlight. Here we take a closer look at those nations which have achieved EU recognition and the benefits of doing so.

Article 25.1 of the Data Protection Directive (in the UK enacted through the eighth principle of the Data Protection Act, 1998) prohibits the transfer of personal data to a third country (i.e. a country or territory outside the EEA) unless that third country provides an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Several exceptions to this rule are available including, in particular, the use of the approved EC model clauses.

Data transfers to third countries can take place in many circumstances, such as where an EU-based business relocates functions to subsidiaries outside the EEA or establishes an offshore shared service centre which processes, for example, HR or payroll data, or where data is transferred for offshore processing as part of an outsourcing agreement with a third party supplier or as part of a hosting or cloud computing deal. The onus is on the data controller to ensure that he complies with the eighth data protection principle in relation to any cross-border data transfer of personal data.

Posted

ZDNet blogger, Michael Krigsman, reported recently that nearly 70% of IT projects fail in some important way: An eye-popping number!

There can be endless debate on the actual failure rate of IT projects – the answer most likely depends on the criteria used to define “failure” – but a couple points are clear:

  • An unacceptably large percentage of IT projects are not delivered on time or on budget or fail to produce the desired outcomes.

Posted

The topic of the day appears to be “big data,” meaning the aggregation, mining, and analysis of data. This data analytics helps determine customer profiles so that companies can tune their offerings and sell more of the right things to the right customers. As recently reported in the New York Times Magazine, Target, through the use of such analytics, was able to determine that a teen was pregnant by her purchases before her father knew she was pregnant. This allowed Target to adjust its coupon offers based on Target’s knowledge of buying practices of mothers-to-be. But, at what cost does this analytics come?

Caribou Honig, writing on Forbes.com, makes a case “In Defense of Small Data” that collecting, storing, and processing mounds of data is costly and provides no more–and perhaps less–useful data than analyzing only the limited data set that really matters. In addition, storing this volume of data has its own direct costs.

And this is only half of the story . . . There are also legal costs and risks to big data.

Posted

According to a report in the Economic Times of India, the Indian government has demanded that the European Union designate her as a data secure country. The request came in the context of current bilateral free trade agreement negotiations. An Indian government official is reported as saying “Recognition as a data secure country is vital for India to ensure meaningful access in cross border supply.” The official goes on to state that “we have made adequate changes in our domestic data protection laws to ensure high security of data that flows in.”

Seasoned India-watchers may disagree. Traditionally India has had no dedicated privacy or data protection laws, with various statutory aspects scattered under a number of enactments, such as India’s cyber law, The Information Technology Act 2000. In 2011, India finally enacted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 to implement parts of the Information Technology (Amendment) Act 2008. The 2011 Rules cover a subset of personal data (referred to as sensitive personal data, but unhelpfully the meaning of this term differs from that used in the Data Protection Directive) and lay down security practices and procedures that must be followed by organisations dealing with such sensitive personal data.

The 2011 Rules were broad in scope and ambiguously drafted. The impact on the outsourcing sector was unclear and subsequent clarifications had to be rushed through by the Indian government. These clarifications helped somewhat but were still found wanting, with one commentator describing them as “half baked.”

Posted

Transition Services Agreements (TSAs) have become common (and more complex) in corporate divestitures, mergers, and spin-offs due to the increasing operational complexity of the environments impacted by these transactions. And if M&A activity increases as expected, despite a slow start in 2012, these agreements will continue to play an important (but often undervalued) role in the success of the transaction (especially after the closing dust settles).

Transition services typically are provided by the seller to the buyer (or by the former parent to the spun-off enterprise) to ensure business continuity and interim operational support for the impacted business during a “transitional” period after closing. Transition services may also be required from the buyer or divested enterprise where, for example, commingled tools, operations, software products, and know how need to be leveraged by the seller or former parent for some period of time. These “reverse” transition services are often overlooked.

In effect, transition services are a form of outsourcing where the processes that were previously handled internally are performed by the formerly affiliated enterprise during the transition period. Sounds simple, right? Isn’t it just maintaining the status quo for a short time?

Posted

Not too long ago a major supplier asked us what we are seeing in the cloud space. We thought the interchange might be of interest to readers of the blog — so here are some selected questions and our responses.

What impact have you seen or expect to see Cloud will have on the CIO Agenda?

We’ve seen:

Posted

Since the start of the 112th Congress, there has been a heightened focus on cybersecurity. Congress has not passed new cybersecurity related legislation since 2002 when the Federal Information Security Management Act was enacted. In 2011, the Obama Administration announced its cybersecurity proposal, and a number of bills are currently active in both the House and Senate that focus on different aspects of cybersecurity and the mechanisms to protect private infrastructure and networks against cyber threats. One of the major philosophical differences between the various bills is which government entity should be responsible for cybersecurity – the Department of Homeland Security (DHS) or the National Security Agency (NSA). The Administration’s proposal favors DHS over NSA.

The most widely supported proposal is the bipartisan Cybersecurity Act of 2012 sponsored by Sens. Joe Lieberman (I-Conn) and Susan Collins (R-Maine). The hallmark of this Bill is the requirement that companies notify DHS of intrusions into their networks and the creation of mandatory compliance with industry specific cybersecurity standards. Senator John McCain (R-AZ) has a competing bill in the Senate, the Secure IT Act (S.2151), that focuses on self-regulation by the private sector rather than imposing government standards.

In the House, there are three notable active bills: (i) The Secure IT Act (H.R. 4263), (ii) the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act “PRECISE Act” (H.R. 3674), and (iii) the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523). The House Secure IT Act was introduced on March 27, 2012, and mirrors Sen. McCain’s version of the bill. The two other bills set cybersecurity standards for critical private networks and focus on information sharing mechanisms between the government (notably the NSA) and internet service providers so that threatening traffic can be blocked before causing harm.