Increase in remote risk assessment for IT outsourcers

Security moves up the list of business concerns

Concerns around security of outsourced systems are driving remote risk assessment

Concerns about the security of outsourced systems are driving the trend towards remote risk assessment of third-party suppliers by large organisations, according to NCC Group.

The IT assurance specialist says it has seen a significant increase in the number of organisations using remote risk assessment of their third-party suppliers, as the trend for offshore outsourcing continues but concerns about suppliers’ IT security move up the list of business concerns.

Nathan Jackson, director of Advisory at NCC Group, believes that remotely assessing third-party IT security will be increasingly used in the future: “Despite the lack of confidence in third-party IT security, the recent statistics indicate that offshore outsourcing will continue to increase as companies seek to maximise efficiencies.”

A recent YouGov survey of 549 IT managers and directors, commissioned by NCC Group, found that 20 per cent of respondents from large companies believed that outsourced systems are less secure than those based in-house. And yet security concerns are doing little to discourage businesses from going down the outsourcing route. Analyst PA Consulting said recently that 31 per cent of companies plan to outsource more over 2010, driven by demand for more efficient working methods.

“IT security risk assessment is commonly disregarded as costly and time-consuming, but it has an important place in evaluating the controls implemented to protect an organisation’s information systems,” Jackson added.

Assessing risk remotely offers these companies a cost-effective way to monitor their suppliers’ IT security on a regular basis, as it reduces the need for travel.

With the Information Commissioner’s Office having implemented the £500,000 data-breach fine in April, risk assessments of third parties should be even more of a priority, NCC Group warns. However, in order to remain secure, organisations should insist that IT security compliance is adhered to across all suppliers, as well as the buying company itself.