Published by Berenice Wilkins. Modified over 9 years ago.
1 Outsourcing Contract and Service Level Issues
Sharon O’Bryan
Week 5
November 2, 2004

2 Outsourcing Basic Terminology Service Provider IT Operations Services Business Services (e.g. Call Centers) Program Coding Receiver or “Receiving Company” Performance Both Parties Monitoring Performance Against Contract and SLA Specified Benchmarks
3 The Basic Issues
- Assumptions
- Scope of services
- Who is responsible for what
- Who is accountable
- “they must be secure”
- Privacy assurance and liability
- Recovery capability
- How much “extra” will cost
- Serious misconceptions about the “SAS/70”
- Downstream Service Providers overlooked

4 Outsourcing Proper Risk Assessment Contract Service Level Agreement Performance Reporting Monitoring Performance Against Contract and SLA Terms Remedy
5 Contract Specifics
6 General Considerations
- Change in Financial Soundness
- Change in Business Strategy
- Notification of Downstream Outsourcing
- Benchmarking
- Separation of Duties
- Records Retention
- Penalties
- Exit Clause
- Governance and Management

7 Managing Risks to Confidentiality
- Information Ownership
- Access to Data
- Intellectual Property
- Access to Programs
- Logs and Log Retention
- Data Disposal – all media
- Encryption
- Test Data

8 Access Provisioning
- Administration
- Access Requests
- Password Resets
- Logical Partitions
- Authorization Verification
- Roles of Provider and Receiver
- Password Formats
- Logs and Log Retention
- Access Reports to Owners

9 Vulnerability Management
- Intrusion Prevention Requirements
- Intrusion Detection and Monitoring
- Malicious or Suspicious Activity Notification
- Filing of Regulatory Reports for Suspicious Activity
- Penetration Simulations

10 Audits
- Independent Auditor Report
- Right to Audit
- Right to Audit Downstream Outsourcing
- Note: Technology and business continuity is no longer verified in a SAS/70

11 “Disaster Recovery”
- Provider’s Business Recovery
- Technology Recovery Capability
- Point of Restoration
- Data
- Programs
- Testing (full testing)
- Downstream Provider Capability