Chapter 2 - Governance and Management of IT
2.10 IT Service Provider Acquisition and Management
Types
By IT Function
Insourced
Outsourced
Hybrid
By Location
Onsite
Offsite
Offshore
Points to Note
IT steering committee approves sourcing strategy
"Right to Audit" must be addressed in the contract
Accountability remains with client organization
Service quality expectation: ISO/IEC 15504, CMMI, ITIL, ISO 9001:2015
Software escrow
Third-Party Audit Report
SSAE 18
SOC 1 - financial reporting
SOC 2 - security, availability, processing integrity, confidentiality, privacy
SOC 3 - Similar to SOC 2, but does not include a detailed understanding of the design of controls and the tests performed by the service auditor
Penetration tests and security assessment