IT security issues and outsourcing of business processes are common but largely disjoint themes in the literature; common consideration is rare even though information security risk becomes a shared risk both through IS-based processes at outsourcing partners and potentially tightly-integrated IS systems. This paper explores this lack of an integrated model combining IT risk management view with the outsourcing process. Towards the development of an integrated model outsourcing and risk managing process phases are detailed; common phases of each serve as the basis for the introduction of an integrated model. Finally the paper suggests some points for future research.