This guide provides resources and checklists to help managers address IT security issues when their organisations are negotiating new, or renegotiating existing, outsourcing contracts for their IT arrangements. The ITSEAG has released a guide to effective IT security governance, which should be seen as a companion to this guide.
This guide is not intended to be a stand-alone resource. It should be read in conjunction with the resources listed in Section 3, which give further details on specific requirements, and organisations should also obtain independent legal advice on the regulatory compliance necessary for particular industry sectors.
Outsourcing an organisation’s IT functions is a complex process to manage, with IT security one of the many elements that need to be considered.
This guide includes advice on:
• IT security issues to consider in the lead-up to implementing an IT outsourcing arrangement;
• steps which need to be taken before and during negotiation and preparation of IT outsourcing contracts;
• a checklist of potential IT security pitfalls associated with IT outsourcing;
• advice on how to put in place effective IT security arrangements between an organisation and the IT service provider; and
• ideas on how to implement effective contractual arrangements and make them adaptive to changes in the IT security environment.