As anyone who has been in business for a while knows, programs that are enacted without the full support of senior management are less likely to be successful than those that are launched with the buy-in of managers as well as line personnel. When it comes to using outsourced IT to take over functions such as the installation and maintenance of an information risk management system, it is essential to have senior personnel on board from the very beginning.
Organizations these days are strongly dependent on data and information systems in a variety of ways. In many cases, business goals cannot be achieved without effective use of these systems. Many businesses must also contend with compliance issues that involve information systems. According to Ron Ross, who heads information risk management at the National Institute of Standards and Technology, a risk management system is essential.
Yet Ross cautions that such a system cannot be established in a vacuum. "When the senior leaders understand that connection, then they're willing to go forward and do what it takes to help protect their information assets," comments Ross. "If that connection is not made, then it's very difficult for the folks downstream to do the right thing…. Getting that top level support is the first step to making everything else happen."
This is especially true when outsourced IT will be used to establish and monitor the necessary information risk management system. As outsourced IT is new to some companies, this innovative approach should be given a solid, fully supported launch.