By Claire West

Experts at IT assurance specialist, NCC Group plc, have reported a significant increase in organisations using remote risk assessment of their third party suppliers, as the trend for offshore outsourcing continues to rise in a bid to maximise efficiencies.

A recent YouGov survey, commissioned by NCC Group, found that 20 percent of IT managers at large companies believed that outsourced systems are less secure than those based in-house, and are now turning to remote risk assessment as a way of regularly monitoring their suppliers IT security, as a result.

Offshore outsourcing has become increasingly popular in the USA and UK in recent years, with the recession causing companies to look for more efficient working methods. The latest PA consulting report said that 31 per cent of companies plan to outsource more over 2010*. However, in order to remain secure, organisations should insist that IT security compliance is adhered to across all suppliers, as well as the buying company itself.

Nathan Jackson, director of Advisory at NCC Group, believes that assessing third party IT security remotely will be increasingly used in the future: “Despite the lack of confidence in third party IT security, the recent statistics indicate that offshore outsourcing will continue to increase as companies seek to maximise efficiencies. IT security risk assessment is commonly disregarded as costly and time consuming, but it has an important place in evaluating the controls implemented to protect in an organisation's information systems.

“With the ICO having implemented the £0.5m data breach fine in April, risk assessments of third parties should be even more of a priority. Assessing risk remotely is hugely cost effective, as it reduces the need for travel and, as it can be carried out more often, it gives the buying company reassurance that any supplier is compliant at all times. At NCC Group, we have seen a marked increase in large international firms using this method to reduce costs and to ensure that they can monitor their suppliers’ IT security at regular intervals.”