10 Things You Need To Do If You Are Outsourcing an Activity

There is a growing trend towards organisations relying on outsourced service providers (OSPs) to deliver (often key) elements of their overall service. When you surrender service activities to a third party, how can you be certain that the OSP is operating to the standards you require? This can be of particular concern if your organisation is a regulated entity as regulators often demand that certain standards of practice are maintained.

There are many things that you should or could be doing to ensure that OSP performances do not put your service levels at risk. In this blog post, we have picked what we consider to be the ten most important measures that will allow you to quickly assess how your outsourced arrangements are standing up against expected behaviour. For larger organisations, it’s worth noting that pretty much all of the points below can be applied to intra-group outsourcing as well.

What you should know:

  1. Before appointing an OSP, conduct your own careful due diligence on the service providers being considered – we recommend using an industry-standard Due Diligence Questionnaire. Continue to do due diligence throughout the relationship. This is often a regulatory requirement/expectation.
  2. Put a formal written contract in place with the chosen service provider and ensure that it has the approval of the Board / Governing Body and review it periodically.
  3. Be clear about the levels of service and standards that need to be achieved and establish the Key Performance Indicators (KPIs). Be sure to document these in any Service Level Agreements you put in place with your OSP.
  4. Put one person in charge of the relationship with the OSP.
  5. Monitor your service providers on a regular basis against the agreed levels of service and standards.
  6. Conduct periodic reviews of service providers’ operations and processes.
  7. Review your service providers’ business continuity plans, data back-up procedures and data protection arrangements to ensure they are appropriate.
  8. Put a plan in place for responding to a service provider suffering a disruption to their business.
  9. Maintain awareness of alternative service providers who can provide the same service.
  10. Retain a reasonable level of the skills and expertise required to carry out the outsourced activity or function in-house in case the need ever arises for you to take back the activity.

Lastly, you should retain evidence that demonstrates you are doing all of the above.

Good guidance stems from a robust policy.

If you would like to receive an example of an Outsourcing Policy to help get you on the road to better outsourcing, click here.

This webinar focused on the Fundamentals of Third-Party Risk Management. This webinar took place on Aug 26th at 10.30am, 2021 BST.

Recent News

CalQRisk Shortlisted as Best Technology Partner in Housing Digital Innovation Awards

CalQRisk has been named a finalist in the Housing Digital Digital Innovation awards. CalQRisk is nominated as best ...
Read More

CalQRisk Achieves G-Cloud 14 Approved Supplier Status

Delighted to confirm that following on from our GCloud 13 supplier status, that CalQRisk has been listed as ...
Read More

CalQRisk named as Finalist for Cyber Security Provider of the Year at the Cyber Insurance Awards Europe

CalQRisk are thrilled to be finalists for the Cyber Security Solution Provider of the Year at the Cyber ...
Read More

Volunteer Succession Planning – ‘Tomorrow’ has arrived.

Strong succession planning is critical for the viability of all businesses but can be particularly challenging for volunteer-led ...
Read More

What is CSRD?

The Corporate Sustainability Reporting Directive (CSRD) is a framework for non-financial reporting which is mandatory for large companies ...
Read More

CalQRisk Triumphs at the 2024 FS Awards, Winning Compliance and RegTech Award

At a distinguished ceremony held at the iconic Mansion House, CalQRisk emerged as the proud recipient of the ...
Read More

NoFrixion Selects CalQRisk for its DORA Compliance Efforts

NoFrixion, the Embedded Banking company based in Dublin, Ireland, has announced its partnership with CalQRisk to ensure compliance ...
Read More

CalQRisk is a finalist in the FS Awards

CalQRisk has been named as a finalist in the competitive and prestigious FS Awards for the Compliance and ...
Read More

CalQRisk Customer Support Manager wins Rising Star at Irish Early Career Awards 2024

Congratulations to our Customer Support Manager, Eimear Farrell, who was named as a Rising Star in the Fintech ...
Read More

CalQRisk wins Pitch Competition at ESCO Cyber Solution Days Event, Kilkenny, September 2024

The Cyber Ireland (CI) CISO Forum and ESCO Cyber Solution Days event took place in the Lyrath Hotel, ...
Read More