We had talked of risks a few posts back. One reader got back to us on mitigation. Yes, if there is risk, it needs to be mitigated. I have articulated prospective mitigations against each risk.

  • Technology
    • Connectivity issues
      • Connectivity tested before off-shoring
      • Define the criteria for declaring the primary connection inoperable and activating failover
    • System performance issues
      • Alternate connectivity paths defined
    • Building a secure connection channel
      • Identify what type of VPN to use
      • Define what additional firewall has to be in place
    • Data security
      • Policy for security and confidentiality agreed upon in advance
      • All personnel trained on policy
      • Regular repetition of training
      • All new employees mandatorily trained
    • Environment security
      • Physical access and restrictions defined
      • Clear desk and clear screen policy implemented
    • Disaster recovery and business continuity
      • Documented and agreed upon disaster recovery plan with roles and responsibilities detailed
      • Disaster recovery plan tested periodically
      • All possible situations identified, with probability of occurrence determined
    • Access set up
      • All required access should be communicated in advance
      • Roles set up in applications
      • Tested by subject matter experts in advance
    • Proper definition of the to-be applications
      • List all applications: not just those of the function, but the enabling applications as well
      • Define what roles and access rights are needed

Again, these are high-level and indicative. You will have to consider the needs of your process and get more specific. We will continue this in the next post. Have a good day.