Businesses that adopt IT outsourcing solutions need to be aware of and responsible for threats to their information security – internally as well as in relation to third parties.

With security breaches becoming more common, and the consequences of them becoming greater, anyone involved in negotiating IT outsourcing contracts needs to pay as much attention to security provisions as to other elements of services, the director of security and privacy services at Deloitte argues.

Writing in Computer Weekly, James Nunn-Price warned: "Often, through commercial negotiations, the organisation and provider end up agreeing mutual minimum levels of service, including security. This results in the third party aiming for these minimums rather than trying to surpass them and so, on occasions, not even achieving them. This is a hard cycle to break."

Mr Nunn-Price went on to point to a number of British and international standards for information security that could serve as benchmarks for contractual provisions.

He concluded: "One thing is certain - as the threat of fraud and security incidents in outsourced operations increases, doing nothing, or even maintaining the status quo, is not an option."

© Adfero Ltd