|“||contracting with another company (often called an outsourcing vendor) to provide services that an organization might otherwise have performed itself, e.g., software development.||”|
|“||[t]he process of delegating in-house operations to a third-party.||”|
|“||[t]he process of contracting with an external source to obtain goods or services that are currently being provided by government employees. Notwithstanding this service delivery approach, the government retains overall responsibility for the quality, timeliness and accuracy of the outsourced activities.||”|
The IT outsourcing trend — affecting activities ranging from computer help desks and data processing to R&D — can increase the exposure of an organization's systems and information to subversion. Outsourcing of services, to either foreign or domestic suppliers, increases risk by reducing control over access to systems and information. For example, apparently legitimate paths into an organization’s networks and access to network resources can be established that can be exploited for illegitimate purposes. In this environment, effective information assurance technologies are imperative.
- Criminal Justice Information Services Security Policy, Glossary, at A-9.
- GSA, A Guide to Planning, Acquiring, and Managing Information Technology Systems, at A-5 to A-6 (Ver. 1 Dec. 1998) (full-text).