Most organizations have established a well-dešned appetite for risk when doing business. Outsourcing parts or the majority of the business functions holds signišcant risk since it is a game changer for some traditional security and privacy controls, requiring a new approach in how to achieve an acceptable risk level.