Offshore outsourcing is when a business employs a third-party supplier to do work in a country other than the place the original business is located (What is Offshore Outsourcing, n.d.). Most businesses work outside of the country because it is typically done at a cheaper cost and the primary company may not be able to handle responsibilities in house. "Offshore outsourcing is desired by numerous companies considering the premier factors like quality, access to resources and tools, time, cost, etc." (AJ, n.d.). Since the offshore company has access to all personal and business information about a company, confidentiality and privacy are big concerns. For example, I have decided to publish a book but I want to make sure that I am able to convert the book into all types of formats for my customers. If I were to send the book to another provider, I would need to make sure that company does not steal or exploit any of my information. Just like the book example, if I had a company where I needed to extend it to another country, I need to make sure that the data I send are not misused to be disclosed to another party (AJ, n.d.). With various information systems functions for a business, different countries may also have different laws and rules for their business policies. This may cause a lot of strain with the primary business to attain their information systems functions the way they want to. "Many countries outside of the United States do not recognize confidentiality or non- compete agreements" (Kurth, 2014). With this, it is important to research the vendor for their reputation on upholding secret information. "Also, in case of contract termination, organizations should have knowledge of foreign laws regarding recovery of confidential property, as courts in some countries do not require the return of confidential material" (Kurth, 2014).

I think that one of the top responsibilities of an organization is protecting the customers' personal information. Many companies keep sensitive information such as credit card numbers, social security numbers, name and other account data. If this information were to fall into the wrong hands, fraud, theft, and other harmful acts are most likely to happen. There are 5 principles to data security plan, 1) Knowing what personal information to have in files and on computers, 2) keeping only what is needed for the business, 3) protecting the information that is kept 4) properly disposing of what is not needed and 5) creating a plan to respond to all security questions (Protecting Personal Information, 2019). "Given the cost of a security breach - losing your customers' trust and perhaps even defending yourself against a lawsuit - safeguarding personal information is just plain good business" (Protecting Personal Information, 2019).

The above post is a response to the following:What risks, if any, does offshore outsourcing of various information system functions pose to satisfying the principles of confidentiality and privacy? What do you think an organization's duty or responsibility to protect the privacy of its customers' personal information should be? Explain.

Required

Recommend controls that will mitigate the risks suggested in the above post. Ensure the recommended controls are in compliance with industry standards.