InfoSec: IT Outsourcing Security

Important Note

HKCERT - Security Blog: HKCERT Urges Local IT Users to Patch Apache “Log4j” Vulnerability ASAP (16 Dec 2021)

Language

繁體中文

簡体中文

English

Important Note

HKCERT - Security Blog: HKCERT Urges Local IT Users to Patch Apache “Log4j” Vulnerability ASAP (16 Dec 2021)

IT Outsourcing Security

Securing Outsourcing IT Task

IT Outsourcing Security

When any IT operation of an organisation is contracted out, the external service provider (or the outsourcing vendor) may effectively become an “insider”, handling sensitive and important information for the company. While the services provided by an outsourcing vendor may be beneficial and cost-effective, proper security management processes and procedures must be in place to protect sensitive data and customer privacy in outsourced IT projects or service. Data owners need to monitor and review all access rights granted to outsourcing vendors so as to protect key data at all times. The bottom line is; an organisation can outsource its operations, but not its responsibilities.