[Event Summary] A Contractual Approach to Manage Security Risks When Outsourcing


The audience was pleased to welcome Dr Sam De Silva for his second visit to speak for us.

He gave many interesting insights into how to negotiate a good IT outsourcing contract that is a commercially successful arrangement for both customer and outsourcing supplier.

He spoke about the due diligence needed on both sides, identifying the standards and legal aspects that need to be conformed to. This included the need to drive towards defining the right level of detail in the contract. Drawing on his extensive experience, he gave lots of good examples of how to document neither too much nor too little detail, so as to create a manageable long-term relationship. As a lawyer, he was keen to highlight important items to be agreed before the contract is signed and itemised in the contract, particularly from a security viewpoint, to ensure the customer and the customer’s clients are protected.

Key aspects of the talk covered:

  • Due diligence
  • Defining the contract and Service Level Agreements
  • Negotiation
  • Legal and standards requirements (at this point he also touched on negotiating contracts with suppliers in other countries)
  • Risks and benefits of outsourcing
  • Cost savings or not. He discussed the idea that you may actually choose to enter into a contract which does not save you money, e.g. because the specialist skills provided by the supplier provide compelling benefits in other areas, ensuring security of your file servers being one very good example.
  • Transitioning to the new outsourcing arrangement
  • Maintaining the relationship

At the end of the talk, Sam opened the event up to questions from the audience. There followed a good interactive discussion around many of the points from the talk, particularly the challenges that new technology and the cloud bring to setting up contracts of this nature.

Video Available