When organisations outsource, though the outsourcer must safely manage those activities, the responsibility for security and risk remains with you – and you need to have appropriate assurance and controls in place to know that services will be performed to certain standards and that security will not be compromised.
Security standards and practices relating to SAP, for example, need to be explicit in outsourcing agreements. Organisations entering into an outsourcing agreement need to ensure that security and controls are specifically addressed in the contract. The responsibilities of each party in relation to governance, operations and reporting should be itemised, understood and documented.
Integrc’s Controls and Security Design service for outsourced IT/BPO helps organisations that are about to or already have entered into outsourcing agreements. The service provides insight into the stipulated requirements and performance standards and ensures visibility of any risk exposures that may need attention.
- Foundation to define security requirements
- Framework to review third party performance
- Ensures appropriate assurance and controls in place
- Assesses performance against metrics/contract
- Provides objective risk assessment evaluation
