Active Audit Agency

т: +38(044) 228-15-88


it audit

Information security audit of outsourcing companies

What is it?

Information security audit of outsourcing - is a set of complex revision targeting outsourcing company (third party) to comply your internal policies and requirements in information security area. IT audit of outsourcing includes verification of software, network, physical environment, system administration security and business continuity support.

Why do you need this?

Nowadays, an outsourcing of services is a widely spreaded and accepted business practice. Undoubtedly, this process may bring real advanteges to your business, for example, reduce operational expences, possibility to focus on the main business goals, avoid the absence of qualified personnel and increase services quality.

Usually during preparation of the outsourcing agreement you take into account only one side covering your current business needs in certain functions and basic controls and monitoring measures. Thus, your company is absolutely unclear about its own information inside outsourcing company and measures to protect business continuity and other levels of services provided.

From the other hand you have to count the risks connected to outsourcing. Primarily it is confidentiality leakage (due to the fact that outsourcing company gets full access to the information while it is traveling via its information system). Secondly, you became dependent from outsourcing services provider.

Also you must remember, that certain functions outsourcing will not free you from the customers', state and partners responsibilities.

By conducting information security audit for your outsourcing company you will get the following preferences:

  • Identification and reduction of IT risks related to outsourcing;
  • Confidence on adequate information assets protection and theirs appropriate confidentiality, integrity and availability level;
  • Trancparency of technological and operational processes being outsourced;
  • Adequate and up to date information about outsourcing to make strategically proper solutions.

How is audit of outsourcing conducted?

Information security audit for outsourcing is conducted in several steps:

audit of outsourcing