Managing Security in Outsourcing and Off-shoring

At last week’s excellent Cyber Security KTN Christmas lunch at Bletchley Park, I presented the findings of a recent KTN project to develop a guideline on the thorny subject of managing information security risk in outsourcing and off-shoring. You can view the slides on the KTN web site.

It’s worth watching out for the guideline itself, which should be available shortly. I set out to interview many leading experts in law, programme management, security and procurement, in order to capture the learning points. I was particularly concerned with capturing the softer, management issues, rather than the factual legal requirements (which a good lawyer can tell you).

It was a challenge to cram in such a large number of issues into seven pages (the limit set by the KTN). But small is beautiful. In today’s world you can’t expect busy executives to find the time to read longer documents.