a pissed off workforce adds momentum to outsourcing discussions. awareness that employee attitude can influence information continuity issues moves executive team “discussions” into “negotiations” and some of the exposure is ultimately reduced.
two simple process areas bubble to the top of information continuity risk management: access control maintenance and separation of duties.
access control is not complete unless there is ongoing maintenance. the composition of outsourced workgroups is constantly changing; access to specific applications needs to be revoked if the agent’s role changes. KPIs? how about list review completion (%) by individual supervisors?
separation of duties is important in the application services space - developers should never have access to production systems.
a third, rarely seen, approach is to limit the access windows to certain assets. we think we are in an always-on world, but there are still many functions that only need to be executed at certain times.
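The three controls above (access list review KPI, revocation on role change, access windows) sketched as an added example that is not part of the original post. All agent names, roles, applications and window times are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample data: one row per (agent, application) grant.
GRANTS = [
    {"agent": "a.rao",  "app": "billing", "role_at_grant": "collections", "supervisor": "s.kim",  "reviewed": True},
    {"agent": "a.rao",  "app": "crm",     "role_at_grant": "collections", "supervisor": "s.kim",  "reviewed": True},
    {"agent": "b.diaz", "app": "billing", "role_at_grant": "collections", "supervisor": "s.kim",  "reviewed": False},
    {"agent": "c.lee",  "app": "payroll", "role_at_grant": "hr-support",  "supervisor": "t.omar", "reviewed": True},
    {"agent": "d.nwe",  "app": "payroll", "role_at_grant": "hr-support",  "supervisor": "t.omar", "reviewed": False},
]
# Constructed current roles; b.diaz has moved teams since the grant.
CURRENT_ROLE = {"a.rao": "collections", "b.diaz": "tech-support",
                "c.lee": "hr-support", "d.nwe": "hr-support"}
# Constructed access windows: asset -> (allowed weekdays, start, end); Monday is 0.
WINDOWS = {"payroll": ({0, 1, 2, 3, 4}, time(8, 0), time(18, 0))}

def review_completion(grants):
    """KPI: percentage of grants each supervisor has reviewed."""
    done, total = defaultdict(int), defaultdict(int)
    for g in grants:
        total[g["supervisor"]] += 1
        done[g["supervisor"]] += g["reviewed"]
    return {s: round(100 * done[s] / total[s], 1) for s in total}

def grants_to_revoke(grants, current_role):
    """Grants whose holder changed role (or left) since access was given."""
    return [(g["agent"], g["app"]) for g in grants
            if current_role.get(g["agent"]) != g["role_at_grant"]]

def access_allowed(asset, when, windows):
    """Assets without a defined window are treated as always-on."""
    if asset not in windows:
        return True
    days, start, end = windows[asset]
    return when.weekday() in days and start <= when.time() < end

if __name__ == "__main__":
    print(review_completion(GRANTS))
    print(grants_to_revoke(GRANTS, CURRENT_ROLE))
    print(access_allowed("payroll", datetime(2024, 3, 2, 10, 0), WINDOWS))
```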
French in the contract means that people are really serious about maintaining service levels and that penalties are usually on the line. The service provider wants the service levels turned off when a fishing boat breaks the fiber running to the next continent; the client doesn’t want to monitor all the relationships with contributing suppliers.
Force Majeure language (Wikipedia) usually means that neither party is interested in using either the contract or governance programs to actively manage risk. Very infrequently, the contract will refer to a joint risk management exercise, but these programs don’t reach very deeply into the operational stack.
Confidence is justified in some cases. Service Desk operations can implement a follow-the-sun strategy more easily than a datacenter operation, but have confidence that capacity won’t be an issue. Datacenters may invest in some level of redundant services as a band-aid for weak business process engineering or weak IT architecture.
In either recovery mode, service levels (and associated penalties) are usually turned off.