PACIS 2021 Proceedings


Media is loading

Paper Type


Paper Number



Modern businesses increasingly depend on other service organisations. Hence IT outsourcing (ITO) is on the rise and is now a USD multi-trillion industry. Nevertheless, the success rate is low, suggesting the need for scrupulous risk management in ITO. The researchers have long raised information security risk management (ISRM) among the top concerns in ITO. This paper investigates the factors impacting ISRM in ITO. The study follows a qualitative approach using the case study method. Data were collected through semi-structured interviews. Three organisations with distinct ITO orientations were investigated. The investigation applied the technology-organisationenvironment framework supplemented with agency theory to suit the ITO context of this research. The study presents the findings in a seven-dimensional framework - technology, organisation, people, process, legal, environment and strategy (TOPPLES) framework. The framework was verified through a focus group



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.