DataSecurityPolicies.com » Outsourcing Policy http://www.datasecuritypolicies.com Fri, 07 Nov 2008 03:21:37 +0000 en hourly 1 http://wordpress.org/?v=3.0 Outsourcing Policy http://www.datasecuritypolicies.com/outsourcing-policy http://www.datasecuritypolicies.com/outsourcing-policy#comments Tue, 13 Nov 2007 21:49:56 +0000 Marc http://www.datasecuritypolicies.com/outsourcing-policy I wrote a generic outsourcing policy for a presentation I’m giving on outsourcing security services.

Here’s the general outline:

  • Purpose
  • Scope/Applicability
  • Policy Statement
    • Board and Management Responsibility
    • Risk Mitigation Strategies: Outsourcing Team
    • Business Case
    • Due Diligence
    • Business Continuity Management (BCM)
    • Contractual Agreements
    • Management and Control of the Outsourcing Relationship
    • Offshoring
    • Final Approval

Here’s an excerpt:

1.0 Purpose

The purpose of this policy is to establish the requirements for identifying, justifying, and implementing outsourcing arrangements for any Organization XYZ function.

2.0 Scope

This policy applies to all workforce members within Organization XYZ. It must be followed whenever Organization XYZ functions are outsourced.

3.0 Policy

To conduct operations as effectively and efficiently as possible, Organization XYZ may find it advantageous to outsource (use outside contractors for) certain functions. To ensure compliance with security objectives, these requirements must be followed:

You can download a copy of the policy here: Outsourcing Policy

]]> http://www.datasecuritypolicies.com/outsourcing-policy/feed 0