Security risks in service offshoring and outsourcing

Purpose – Service outsourcing/offshoring represents an increasing phenomenon. Several factors (e.g. cost reduction, flexibility, access to new technologies and skills, access to new markets, focus on core activities) motivate the location of (IT or business) processes abroad and/or out of the companies’ boundaries. This choice determines also relevant risks. Knowledge and data protection constitutes one of the most relevant issues in service outsourcing/offshoring because it can strongly affect the success of these projects. The purpose of this paper is to propose an assessment framework that highlights the main risks of offshoring and outsourcing projects. Design/methodology/approach – Building on the model developed by Monczka et al. (2005), this work proposes a FMEA assessment framework that highlights the main risks of offshoring and outsourcing projects, their causes, effects and some possible (preventing/correcting) actions. The proposed framework has been implemented and tested in a multinational company for a long time involved in service offshoring/outsourcing projects. Findings – Adopting a failure mode and effect analysis (FMEA) approach, the study describes the main possible failures, their causes, effects and possible (preventive and corrective) actions, along all of the phases of typical outsourcing/offshoring projects. Originality/value – The paper develops an assessment framework able to identify the security risk profile of companies engaged in outsourcing/offshoring projects by considering the technical, legal and managerial aspects jointly; and detecting the causes of possible security failures and the related preventive and corrective actions.