Are your suppliers exposing you to data security risks?

The trend over recent years to outsource ever more sensitive functions has significantly increased a company’s exposure to risk. Over the same period, reputation and the value of the brand have grown in importance too, a combination that has placed a heavy emphasis on the impact suppliers have on the reputation and performance of the enterprise.

How your supplier behaves, and what processes your supplier has in place, can directly affect your business. In some cases those effects can be completely disproportionate to the value of the contract.

One emerging concern that is likely to grow in importance is data security. This is an area of particular importance to government departments and financial institutions following a number of high-profile lapses in security, but increasingly corporate bodies will be required to sharpen their practices too.

Companies may have very strict processes in place for how their staff handle sensitive data – blue chip companies are very well thought of in this regard – but all too often a supplier or contractor is called in to undertake IT work and the buyer of those services fails to check that the contractor has similarly rigorous terms in place in relation to their subcontract employees. This is particularly sensitive where the data has been sent offshore to a low-cost processing location or to a specialist computer facility and is therefore outside local court jurisdiction.

The danger is that a breach in security, with sensitive data being taken off-site, lost or misused by a supplier, could have a serious negative impact on a company’s hard-earned reputation – and may even leave you, as the buyer, open to litigation. Greater scrutiny of a supplier’s contractual arrangements with its staff and subcontractors is essential in mitigating this risk.

What’s more, monitoring that those standards are maintained and that contractual arrangements are current is also important in ensuring suppliers’ ongoing compliance with the rigorous standards of data security that the buying organisation both requires and expects. In an environment where data is becoming increasingly valuable and tradeable, this is likely to be a major area of risk for procurement teams in the future.