You are more likely to lose money from them over-billing you than from them stealing your source code. Stated another way, try offering to pay your outsourcing company with a copy of your source code and see how agreeable they are. Regardless, it is always good to evaluate your risk as long as your effort is proportionate to the value of your IP.
Better communication and virtualization are making telecommuting more commonplace, so I wouldn't focus your concern too much on their location. An NDA, as mentioned by another reader, is always a good idea.
If your company is reasonably small, then get a little time alone and just write down your concerns, then address those concerns in the form of brief high-level policies. Don't try to address the technical aspects of implementing your policies until you have written them.
Example: I don't know who has access to, or is accessing critical files or source code.
Resulting policy: All critical files must never be copied from ServerX without proper authorization. A weekly audit of Active Directory accounts/memberships and ACLs must be performed weekly and as requested by... Even this may be more specific than you need to begin with.
After you have developed your policies, then begin addressing how to implement them in the form of processes/procedures. You might even engage your service provider to help you implement them. Don't waste too much time on wording your docs just right, as they will be living documents that will change as your business requirements change.
Try to maintain a good balance of governance and efficiency. Over time, you will realize some tangential benefits for your effort and will have developed the crucial part of what will become your IT Governance strategy as your business grows and will even add value if selling the company is your exit strategy. Stated another way, if you are buying a software company with a unique application, would you perceive more value if they have policies and processes in place to protect their assets and can demonstrate that they follow them?
Good luck
Don't be fooled. Kohei Minato is really Carl Tilley in a clever Japanese disguise.