Tutorial by Yudistira Asnar, Andrea Micheletti and Fabio Massacci
Outsourcing vs. Compliance - in Software Service Viewpoint
Monday September 13th Time: 9.00 - 13.00
Outsourcing is becoming a new trend in executing a business. Moreover, many believe an outsourcing benefits the organization. However, in recent years many studies indicate some (if not most) benefits are just myths and even moves against the business objectives. These studies also argue that this phenomenon occurs because of lack of control from the business owner.
In this tutorial, we present a new approach on managing a Business Process Outsourcing (BPO) that puts more emphasize on Security Governance, Risk, and Compliance (GRC) aspects of an Information System (IS). To give a high assurance on BPO, an organization needs to develop a program (i.e., not just a project) that manages GRC at business process level and not just at IT infrastructure level (commonly done in practice). Essentially, this program aims at controlling and assuring the compliance and governance of business process execution.