Author: Dave Pignolet
Published in HR Technologist
The digitalization of the workforce and the rise of the gig economy has dramatically changed the structure of many organizations, which in turn has posed new challenges for HR teams. In addition to traditional full-time employees (FTEs), many HR teams and their peers in IT and cybersecurity are now faced with growing numbers of contractors, vendors, partners, affiliates, and freelancers – commonly grouped together as “non-employees.” While there are many benefits compelling organizations to utilize non-employees, this population of outsiders creates a new set of business challenges, not the least of which is that they inherently increase an organization’s exposure to greater risks than typical full-time employees.
For many organizations, the crux of the problem arises from not having sufficient resources and systems in place responsible for the timely and effective collection, processing, and operationalization of non-employee information. This exercise is particularly difficult to perform for non-employees because, unlike FTEs, non-employee data must be collected in a collaborative fashion oftentimes from disparate sources inside and outside of the organization. However, the systems used to perform this exercise for FTEs are not designed for the complexity and flexibility of non-employee populations and are therefore unable to support their unique needs. As a result, organizations lack an authoritative source of non-employee data that can be used to make well-informed business decisions and ultimately mitigate the risk associated with this utilizing these resources.
Using non-employee data to drive success
Creating an authoritative source of non-employee data enables an organization to better understand its relationship with each individual non-employee. Ultimately, more comprehensive knowledge of non-employees can help optimize their contribution to the overall success of the organization. From a business process enablement and risk mitigation perspective, this knowledge is essential in making decisions to grant and remove access to an organization’s systems in a timely and accurate manner.
The key to improving the utilization and effectiveness of non-employees is to better understand the relationship of each non-employee to the organization. This can only be accomplished by creating an authoritative source of non-employee data that facilitates collaboration between internal and external non-employee sponsors, HR, IT and cyber resources. Existing HR systems are not designed to drive the successful utilization of non-employee populations and attempting to use them to do so not only dramatically increases costs associated with non-employees, but also exposes the organization to greater business risks.
Strategically, an authoritative source of non-employee data can be used to increase an organization’s overall market competitiveness in four key areas:
- Improve employer brand. Vendors, contractors, and other non-employees can often be in different physical locations from the organization, which can create challenges for their overall work experience. Having better data on non-employees empowers HR leaders to continually improve their work experience, regardless of location or role and effectively make decisions on what each non-employee needs to be successful.
- Reduce risk. Non-employees are inherently riskier than traditional employees because they are outsiders. Oftentimes, organizations grant non-employees access to internal systems without the contextual intelligence that they use when making access decisions for employees. In doing so, the organization is placing a disproportionate amount of trust in a riskier population and unwittingly expanding its threat and attack surface. With an authoritative source of non-employee data, the information gap disappears, giving an organization timelier and more accurate non-employee information. This knowledge, in turn, can be used to ensure that system access is granted only when needed and terminated immediately when no longer required.
- Increase operational efficiency. Collected and connected information can be used to improve the operational efficiency of non-employees. For organizations that lack a trustworthy source of non-employee data, any compliance-related audit becomes a time-consuming, manual, costly, and potentially error-prone process. A centralized non-employee data source that facilitates collaboration between internal and external non-employee sponsors, HR, IT and cyber resources can create a well-managed system able to provide timely, accurate, and actionable information that can be used to meet important compliance and other auditing needs.
- Cut costs. Organizations have migrated to using growing and diverse populations of non-employees to increase their overall market competitiveness. This is typical because non-employee populations provide an organization with the elasticity needed to quickly and cost-effectively expand and contract based on current needs. However, without anon-employee data sources in place, the competitive advantages of this strategy can be outweighed by the costs associated with mismanagement of non-employee data. This misuse can lead to minor penalties like misclassification of employees to major brand-damaging issues like cybersecurity breach exposure.
It’s hard to imagine an organization today that wouldn’t benefit from the work of non-employees, but with this new organizational paradigm comes new challenges. While HR leaders must be aware of the variety of challenges that non-employees present, this responsibility should not fall solely on them. Instead, organizations ought to adopt systems that create a single, centralized, authoritative source of non-employee data, which would provide them with a holistic view of each individual non-employee. The valuable insights that can be gained from a single authoritative source of non-employee data can be used to better understand the relationship the organization has with each non-employee and ensure that the organization is able to make well-informed, timely business decisions and effectively support its market strategies.
*** This is a Security Bloggers Network syndicated blog from Blog – SecZetta authored by Nikki Rounds. Read the original post at: https://seczetta.com/blog/hr-data-management-non-employee/