Information security concerns in IT outsourcing: Identifying (in) congruence between clients and vendors

Managing information security in Information Technology (IT) outsourcing is important. We conduct a Delphi Study to identify key information security concerns in IT outsourcing. A follow-up qualitative study was also undertaken to understand (in)congruence between clients and vendors with respect to the top information security concerns. In a final synthesis, our study found three central constructs to ensure information security in IT outsourcing: 1) competence of the vendor to ensure information security; 2) compliance of the vendor with client requirements and external regulations; and 3) trust that proprietary information is not abused and that adequate controls are in place.