IT outsourcing is a viable option for organizations to maintain competitiveness and get the ability to focus on core competences. However, there are risks, such as handing over sensitive information to another organisation, lack of knowledge about security experience of the other part, cultural differences, etc. Trust is therefore becoming a more and more important issue in IT outsourcing relationships. This paper aims to identify and describe the process of achieving trust in IT outsourcing relationships. A framework was created based on an extensive literature survey. Three concept areas are included: contract, culture, and security. Each area is described, and critical success factors (CSF) were developed to support practical use.
In today's dynamic world, organizations must stay competitive, for which IT outsourcing is a viable option. IT outsourcing can be defined as the process of handing over IT services to an external provider. Benefits include cost reduction, improved quality of service, and risk reduction [1]. Risk awareness does not guarantee success, however, and trust is thus important in outsourcing relationships. A first step is to understand critical success factors (CSF) that must be fulfilled in order to achieve success [2]. Previous research has identified that trust aspects in IT outsourcing are more important than for example control and flexibility [3], and that trust us part of the soft side of outsourcing [4]. Studies of risks also show that trust is important for risk avoidance [1; 5; 6]. The aim of this paper is to identify and describe a framework for how to achieve trust in IT outsourcing relationships. A framework in this context is a suggested point of view for an attack on a scientific problem [7]. The framework is theoretically grounded and based on an extensive literature survey. It takes a management perspective and describes important perspectives to be considered, and connects each perspective to a number of CSF.
In order to achieve the expectations and accomplishments of an outsourcing relationship, the organization must trust the outsourcing vendor [9]. Trust in itself is difficult to define, since it varies from one context to another [10]. It can be perceived as the result of cognitive processes, decision-making concerning economics, and social relationships. Expectation is an important part of trust definitions (see e.g. 8; 11), since trust can be seen in terms of e.g. reliable promises including both positive expectations and risk avoidance. In this paper, we define trust as being achieved when the agreement is reliable and expectations are fulfilled in a behavioural goodwill. An agreement is reliable when it is worthy of being dependent on and its expectations are viewed to be achievable in a predictable and fair way. Behavioural goodwill can be viewed as an attitude of kindness or friendliness between two parts [11].
The framework for achieving trust in IT outsourcing was developed through a literature review of relevant sources. Since critical success factors may raise the chances of success, the framework will be based on such CSF.
As a basis for the framework, we have adapted Dahanayaka et al's [12] framework for understanding information systems development. This framework was selected since it aims for a consistent, systematic and integrated support throughout a system's lifecycle, plus that it is based on necessary concepts for a successful process. We have adapted this framework to fit the process of achieving trust in IT outsourcing relationships. The main difference is that we remove way of supporting and way of modelling, because our paper does not concern the lifecycle. Our adaptation focuses on important aspects of the process of how to achieve trust in IT outsourcing relationships in the following manner:
Way of thinking: deals with the role of IT outsourcing and its purposes. Visualizes the philosophy of how to achieve trust in IT outsourcing relationships. Way of controlling: deals with how to manage the process of how to achieve trust in IT outsourcing relationships. Different situations require different solutions. Way of working: a means for structuring problems that arise in the process. Distinguishes between which types of tasks that should be dealt with in a certain order. Also what means that are suited to solve a certain situation. Our framework is a structure consisting of CSF for achieving trust in IT outsourcing relationships. The way of thinking influences how the organization is controlling and working in order to achieve trust in IT outsourcing relationships. Way of controlling and way of working determine one another. Changes in the way of controlling may require a different way of working and vice versa. The CSFs are created from the way of controlling, and the way of working. In order to achieve trust, organizations have to know how to control different projects, and how to actually work to achieve trust.
The framework consists of three main areas: contract, culture and security. Figure 1 shows the areas (ovals), their relationships (arrows), guidelines (rectangles), and associated CSFs (bullets in the rectangles). Relationship examples include that culture influences how contracts are created and managed, and how security issues are chosen and used in order to increase the possibility to achieve success in IT outsourcing relationships. Contract requirements will affect the choice and usage of security issues and vice versa that together affect how the project is managed. For each area, a series of guidelines have been developed. The guidelines are divided according the critical subparts under each main area. Each guideline consists of several CSFs. It is clear that the contract is essential in IT outsourcing relationships as a basis for trust. Three guidelines can be associated to this category, of which CSFs concern the written or mutual contract, three concern to minimize uncertainty, and one concerns contract duration. Culture is another important category, which is displayed by the three guidelines in this category. Leadership is the most emphasized issue with five CSFs, communication is another with three CSFs, and context involves two CSFs. Finally, security is an issue with increasing importance shown by seven factors divided into administrative security (five CSFs), and technical security (two CSFs).
In order to use the framework in outsourcing projects, we propose two steps: understanding how the three areas relate to one another; and understanding the CSFs in each area. In the first step, the focus is on how culture affects contract creation and the necessary security adaptations, as well as how a contract affects the choice of security issues and vice versa. The second step involves a deeper understanding of each area and what to do in order to enhance the likelihood of actually achieving trust. Tailoring of the framework to specific situations is included here. One example may be that a global IT outsourcing project could pay more attention to the cultural CSFs before creating a contract, while another project has to have a tight security.
The purpose of the framework is to get a general understanding of how to achieve trust in IT outsourcing relationships from a theoretical perspective. The result is an awareness that can be used to tailor the knowledge into specific IT outsourcing projects. It is important to understand how the three areas -contract, culture and security -and their CSF may influence a specific project, and how important certain areas are within the project.
Future work will be focused on several aspects: extending the literature survey to cover a broader base of the outsourcing literature and possibly to detail the framework; coupling with research on human behaviour and its relationship to trust to create more direct usage guidelines for the framework; and to consider the systemic trust perspective into a more holistic coverage of the entire trust area.