Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Outsourcing Contract and Service Level Issues Sharon O’Bryan Week 5 November 2, 2004.

Published byBerenice Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Outsourcing Contract and Service Level Issues Sharon O’Bryan Week 5 November 2, 2004."— Presentation transcript:

1 1 Outsourcing Contract and Service Level Issues Sharon O’Bryan Week 5 November 2, 2004

2 2 Outsourcing Basic Terminology  Service Provider IT Operations Services Business Services (e.g. Call Centers) Program Coding  Receiver or “Receiving Company”  Performance Both Parties  Monitoring Performance Against Contract and SLA Specified Benchmarks

3 3 The Basic Issues  Assumptions Scope of services Who is responsible for what Who is accountable “they must be secure” Privacy assurance and liability Recovery capability How much “extra” will cost  Serious misconceptions about the “SAS/70”  Downstream Service Providers overlooked

4 4 Outsourcing  Proper Risk Assessment  Contract  Service Level Agreement  Performance Reporting Monitoring Performance Against Contract and SLA Terms  Remedy

5 5 Contract Specifics

6 6 General Considerations  Change in Financial Soundness  Change in Business Strategy  Notification of Downstream Outsourcing  Benchmarking  Separation of Duties  Records Retention  Penalties Exit Clause  Governance and Management

7 7 Managing Risks to Confidentiality  Information Ownership Access to Data  Intellectual Property Access to Programs  Logs and Log Retention  Data Disposal – all media  Encryption  Test Data

8 8 Access Provisioning Administration  Access Requests  Password Resets  Logical Partitions  Authorization Verification  Roles of Provider and Receiver  Password Formats  Logs and Log Retention  Access Reports to Owners

9 9 Vulnerability Management  Intrusion Prevention Requirements  Intrusion Detection and Monitoring  Malicious or Suspicious Activity Notification  Filing of Regulatory Reports for Suspicious Activity  Penetration Simulations

10 10 Audits  Independent Auditor Report  Right to Audit  Right to Audit Downstream Outsourcing Note: Technology and business continuity is no longer verified in a SAS/70

11 11 “Disaster Recovery”  Provider’s Business Recovery  Technology Recovery Capability  Point of Restoration Data Programs  Testing (full testing)  Downstream Provider Capability

Download ppt "1 Outsourcing Contract and Service Level Issues Sharon O’Bryan Week 5 November 2, 2004."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Managing Outsourced Service Providers By: Philip Romero, CISSP, CISA.

Managing Outsourced Service Providers By: Philip Romero, CISSP, CISA.
All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.
Auditing Computer Systems

Auditing Computer Systems
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
Separate Domains of IT Infrastructure

Separate Domains of IT Infrastructure
Audit Considerations of Data Center Consolidation Jon Ingram Audit Manager Information Technology Audits Florida Auditor General 1.

Audit Considerations of Data Center Consolidation Jon Ingram Audit Manager Information Technology Audits Florida Auditor General 1.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
IT Security Auditing Martin Goldberg.

IT Security Auditing Martin Goldberg.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Chapter 3: Information Security Framework

Chapter 3: Information Security Framework
Session 3 – Information Security Policies

Session 3 – Information Security Policies
IT Service Delivery And Support Week Eight IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA CISA CISSP) 1.

IT Service Delivery And Support Week Eight IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA CISA CISSP) 1.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
1 LOGICAL ACCESS FOR University Medical Group Saint Louis University Click the Speaker Icon for Audio.

1 LOGICAL ACCESS FOR University Medical Group Saint Louis University Click the Speaker Icon for Audio.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Similar presentations

Ads by Google