T 2.86 Dependency on an outsourcing service provider

Due to an outsourcing project, the customer always becomes dependent on the outsourcing service provider. This results in the following typical threats:

• When outsourcing business processes, the corresponding internal know-how is lost.
• Employees of the customer leave the company or are transferred and take their know-how with them.

• IT systems and resources are ceded to the outsourcing service provider so that they can no longer be controlled completely.
• Customer and contractor estimate the protection requirements of the information outsourced differently, for example, due to misunderstandings in communications or a different security culture. Thus, the security safeguards taken might be inadequate or stored improperly.

Too great a dependency might also result in the following consequences that need to be taken into consideration:

• In general, insourcing is expensive and, in extreme situations even impossible.
• Changing the service provider is generally difficult and can result in situations threatening the existence of the organisation (availability, costs).
• Under certain circumstances, it is not possible to respond adequately to changes in the general conditions (e.g. change of ownership of the outsourcing service provider, change in the applicable laws, doubts as to the reliability of the outsourcing service provider).

If the outsourcing service provider notices a great dependency of the customer, the following problems might also arise:

• The service provider raises their prices drastically.
• The quality of the service provided is poor.
• The threat to stop the provision of the service immediately is used as leverage (e.g. when terminating the contract or in the event of disputes).