Security Management Strategies for the CIORequires Free Membership to View
There are several recognized security or quality standards that can be
used.
Control Objectives for Information and Related Technology is a generally applicable and accepted standard for IT security and
control practices.
Common Criteria (which was developed from the military Orange Book and other
sources) assists in developing criteria for evaluation of IT security. Another site provides information on the
Common Evaluation Methodology.
ISO 17799 is also recognized security standard based upon BS7799. The ISO
17799 was first published in December 2000 based from BS7799, which had its
last publication in May 1999.
Consultative, Objective and Bi-functional Risk Analysis combines
several standards such as BS7799 / ISO 17799 and Data Protection legislation
to encourage compliance with security policies.
Regarding outsourcing agreements, the below Web sites (and their self-written
overviews) may offer assistance.
White Paper: Applying Benchmarks to IT Outsourcing
Agreements
"The SLA should be clear and free from complex language. It should be tightly
focused on business needs. In other words, avoid the weasel language." -- http://www.computerworld.com/cwi/stories/0,1199,NAV47-81_STO56572,00.html
"This document by Anne Caine offers one attorney's excellent overview
detailing how to prepare effective service agreements." -- http://www.gtlaw.com.au/pubs/negotiating.html
"This paper by lawyer John Gray complements Anne Caine's paper - Negotiating
An Effective Service Level Agreement part I - by focusing more on vendor's
issues in outsourcing." -- http://www.gtlaw.com.au/pubs/negotiatingservice.html
"Created so ITAA members can view SLAs submittted by member companies. All
companies are kept anonymous, and access is limited to ITAA member companies
submitting SLAs..." -- http://www.itaa.org/asp/slalibrary.htm
"ITAA has played a leading role in defining the emerging ASP industry. With
assistance from member volunteers, ITAA has created a broad definition to
provide guidance to the ASP industry." -- http://www.itaa.org/asp/itaasla.pdf
"This article discusses how management service providers are finding ways to
assure clients that performance goals will be met." -- http://www.informationweek.com/story/IWK20000901S0006
"An overview of effective SLAs and some of the challenges in negotiating
these agreements..." -- http://www.outsourcing-journal.com/issues/nov1997/html/munch.html
"Providing information on SLAs as a part of outsourcing agreements. Includes
information on negotiating effective SLAs, an online forum for buyers and
sellers of outsourcing, articles, expert advice and outsourcing FAQs." -- http://www.outsourcing-sla.com/
This was first published in September 2001
Join the conversationComment
Share
Comments
Results
Contribute to the conversation