How to write technology outsourcing contracts

Have you decided to outsource services but are afraid the company you outsource to may have a data breach? In this expert response, learn how to write technology outsourcing contracts that designate liability if there's a customer data breach.

We're going to outsource some of our services and want to write a contract that holds our outsourcer liable if there is a data breach. What sort of minimum security requirements should we list in the contract as necessary for the outsourcer to put in place?

The minimum requirements for technology-outsourcing contracts will vary somewhat based on what services you are outsourcing, what data the outsourcer will have access to and what vertical your business is in. Not knowing what you do or what services you are outsourcing, it's hard to give you specific advice. However, a good place to start is the Payment Card Industry Data Security Standard (PCI DSS). While not perfect, PCI DSS provides a great baseline, and as such makes for a great set of minimum requirements.

Rather than just demanding PCI DSS compliance, use it as the basis for your requirements and remove the items that are not relevant to your organization. For example, if you aren't outsourcing access to credit card data, you don't need to include provisions that are specific to credit card number encryption or transmission; or, if the outsourcer isn't providing applications to you, you can remove the verbiage around secure development.

Alternatively, you may want to add provisions. For example, if you are outsourcing access to Social Security numbers, you will want to change the language of PCI DSS to address SSNs.

This was first published in June 2009
