Global spending on IT services and outsourcing was estimated at $488 billion in 2007 and is predicted to rise an additional 9% in 2008. At $120 billion, IT outsourcing constitutes roughly 25% of this spending. Organizations engaged in outsourcing will require sufficient security and privacy controls to protect their investments and reduce risks to their sensitive information. Security and privacy professionals should be an integral part of the outsourcing process, from developing the request for proposal (RFP) to signing the contract. But the job isn't complete just because the contract has been signed; the outsourcing relationship needs to be monitored, the contract components need to be enforced, and business value needs to be realized.