Risk Management in Outsourcing of IT
Outsourcing of IT is an efficient and common way to reduce costs for IT services and infrastructure. However, it requires management of risks and responsibilities with regards to follow-up on the supplier´s information security and data protection.
These risks can and should be mitigated through agreements but also through risk analysis and follow-up on the supplier’s performance and compliance with agreed upon requirements and service levels.
It can be demanding to structure a methodology and an organization for efficient follow-up on the supplier’s performance with internal resources. With the help of an external partner for third party audits, the result is based on a higher level of independence, performed by a specialist in the field and gives a higher degree of flexibility with regards to personnel planning. The specialist has a tool-box tailored for third party audits and experience in how demands on the outsourcing supplier should be articulated and implemented.
Transcendent Group´s team of experienced IT auditors has extensive experience from designing and performing third party audits on IT service organizations to verify compliance with agreed terms and expected best practice procedures.