Re: Offshore Systems Development

[Kshitz Agarwal]

Title: Offshore Systems Development

Dear Larry,   It is quite true that outsourcing helps to save huge amount of cost as well as the huge headache involved in operating a process center.   But whether it affects the security issues or life cycle of a process depends mainly upon the organization profile and the clients it is dealing with.   Lets take an example. there are numerous companies in US who are outsourcing there telemarketing work to low cost Indian companies. now, does the mere marketing of their product affect the security of the company?   I my view, one first has to identify as to which process he is going to outsource. As long as the process figures on the nodal point of chart of operations, there is less or no harm in outsourcing.   Remember depends on anyone for anything is bad, how much cost effective he is.   Think in this light,   Anyway, best of luck.   Regards,   Agarwal, Kshitiz.     ----- Original Message ----- From: Ryan, Larry To: [EMAIL PROTECTED] Sent: Monday, February 10, 2003 8:31 PM Subject: Offshore Systems Development My firm has made the decision to move a significant portion of their application/systems development and support to offshore vendors over the next two years.  While on the surface this business model appears to have certain economic benefits, I am concerned that (1) not all costs associated with this practice can be easily identified and/or quantified during the planning stages and (2) there are obvious security issues (and their associated costs) that need to be addressed prior to implementing this solution.  Because I am the only IT auditor at this company, I would appreciate any advice, guidance, council, audit programs, etc., relative to the risks of offshore application/systems development and support that this group could offer.  Thanks. Larry Ryan Senior Information Technology Auditor [EMAIL PROTECTED] 636.827.8715 Confidentiality Warning: This e-mail contains information intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, any dissemination, publication or copying of this e-mail is strictly prohibited. The sender does not accept any responsibility for any loss, disruption or damage to your data or computer system that may occur while using data contained in, or transmitted with, this e-mail. If you have received this e-mail in error, please immediately notify us by return e-mail. Thank you.