
1 Outsourcing Contract and Service Level Issues Sharon O’Bryan Week 5 November 2, 2004.



2 Outsourcing Basic Terminology
- Service Provider
  - IT Operations Services
  - Business Services (e.g. Call Centers)
  - Program Coding
- Receiver or “Receiving Company”
- Performance
  - Both Parties
- Monitoring
  - Performance Against Contract and SLA Specified Benchmarks

3 The Basic Issues
- Assumptions
  - Scope of services
  - Who is responsible for what
  - Who is accountable
  - “they must be secure”
  - Privacy assurance and liability
  - Recovery capability
  - How much “extra” will cost
- Serious misconceptions about the “SAS/70”
- Downstream Service Providers overlooked

4 Outsourcing
- Proper Risk Assessment
- Contract
- Service Level Agreement
- Performance Reporting
  - Monitoring Performance Against Contract and SLA Terms
- Remedy

5 Contract Specifics

6 General Considerations
- Change in Financial Soundness
- Change in Business Strategy
- Notification of Downstream Outsourcing
- Benchmarking
- Separation of Duties
- Records Retention
- Penalties
  - Exit Clause
- Governance and Management

7 Managing Risks to Confidentiality
- Information Ownership
  - Access to Data
- Intellectual Property
  - Access to Programs
- Logs and Log Retention
- Data Disposal – all media
- Encryption
- Test Data

8 Access Provisioning Administration
- Access Requests
- Password Resets
- Logical Partitions
- Authorization Verification
- Roles of Provider and Receiver
- Password Formats
- Logs and Log Retention
- Access Reports to Owners

9 Vulnerability Management
- Intrusion Prevention Requirements
- Intrusion Detection and Monitoring
- Malicious or Suspicious Activity Notification
- Filing of Regulatory Reports for Suspicious Activity
- Penetration Simulations

10 Audits
- Independent Auditor Report
- Right to Audit
- Right to Audit Downstream Outsourcing

Note: Technology and business continuity is no longer verified in a SAS/70

11 “Disaster Recovery”
- Provider’s Business Recovery
- Technology Recovery Capability
- Point of Restoration
  - Data
  - Programs
- Testing (full testing)
- Downstream Provider Capability

