Security requirements of outsourcing work. More than just VPN, more than just two factor authentication. More than just adaptability are fundamentals which a good outsourcing relationship must consider. Here a brief security checklist to ensure diligence in data security.
Checklist for secure outsourcing:
- What are your regulatory requirements for security? HIPAA, GDPR, industry specific?
- What are your customers’ and other partner’s security needs?
- What is your corporate culture for security?
- What access to your systems and data is needed for the process to be outsourced?
- How well isolated from your other operations are the systems to be connected to the outsourcing company?
- How well protected against unauthorized access are the systems to be connected to the outsourcing company?
- Whom at your company will take responsibility for managing the security of the outsourced process and auditing the access?
- How will you track access to your systems or data to a specific individual or system at the outsourcing company?
- What are the answers given by the outsourcing company to the above questions applied against their own operations?
Primary Assertion: It takes careful planning and experience to establish data security for remote connections. Our process to do this is mature and we have the capability to articulate the steps necessary to launch new connections securely and rapidly. Managing data risk should be high on the priorities of any company wishing to outsource work.
Secondary Assertion: Securing data is an ongoing process. It requires ongoing compliance with internationally accepted communication standards along with contextual laws like HIPAA to ensure that data transmitted is monitored for compliance. To do this planning an outsourcing company must follow a mature process:
1) Determine the nature of one or more client applications being used. These determinations should be multidimensional and include
- Sensitivity to latency
- Minimal link quality to trigger backup solutions (packet drops, round trips etc.)
- Bandwidth based on expected load
- Up-time requirements of the process (millisecond or packet sequencing
2) Develop a data transmission solution. Point to point link or preferred routing.
3) First tier data security : Application level credentials for access.
4) Second tier security : Encrypted channels or packet exchanges.
5) Third tier security : Two factor authentication
6) Limiting access points for data. How to do it and how this helps.
7) Routing and monitoring methods and reports. How TGS implements client and application level real time monitoring and reaction management.
8) Constant auditing of data streams for some applications that require privacy.
9) SLAs metrics and how they affect data security considerations.
10) Project management and implementation steps. How we deploy faster and more reliably than others in this space.
11) Exception escalation and maintaining up-time.
12) Supporting internal and external data security audits.