Weekly reflection
In your blog, write about your understanding of the outsourcing process. You may need to do some extra research for this. In particular, describe your knowledge of RFPs, evaluation, contract award, and exit strategies. Give an example of why an exit strategy would be necessary if outsourcing the implementation of an information security blueprint
Outsourcing saves time and money, and helps to avoid risk. The promised benefits of outsourced security can be very attractive to businesses. The potential to increase network security without hiring more people and spending more money is one of the reasons outsourcing is becoming more popular. The primary argument for outsourcing is financial as a company can get the security expertise it needs at a smaller cost by hiring someone else to provide it. One of the major dificulties in decing to outsource is who to get to do the work for you, the potential risks of outsourcing can be considerable. Stories of managed security companies going out of business, and bad experiences with outsourcing other areas of IT, show that selecting the wrong outsourcer can be a costly mistake.When decising to outsoruce the risk levels of potential vendors must be identified "Key information security considerations that should be tracked as part of this stage include: Information Security Policies, Audit Results and Methods, Standards and Certifications, Technical Controls, Security Architecture, Local Regulatory Compliance Requirements and Law Enforcement Practices" (A CISO’s Guide to Security Outsourcing (2009))
RFPs
The RFP document is one of the most important documents in the vendor selection process. The RFP defines the work to be done and the additional conditions to be met in order to win a contract.
Evaluation
An outsourcing evaluation should follow a disciplined, managerial approach from planning through negotiation and implementation, to ongoing management of the relationship
Contract award
The legal basis of any outsourcing agreement is of course the contract. This determines the legal parameters of the service and the responsibilities of each party
Exit strategies
It is important to plan your exit strategy before you buy. It’s critical to plan how you’ll get out of an outsourcing contract should the need arise. An exit strategy would be necessary if outsourcing the implementation of an information security blueprint because you may not like the blueprint and by having an exit strategy you are not stuck with it.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment