The 10 Things You Need to Ask Your Outsourcing Partner
Timothy Youngblood
Dell, Inc.
The 10 Things You Need To Ask Your Isaca Dublin 05052010 No Notes

Presentation on managing the risk of outsourcing, SaaS, PaaS, etc.

  • Thank you. Questions.
      • What are the parts of a SysTrust?
      • How should DR be assessed with your outsourcing partner?
      • Do external auditors determine if a SAS-70 is sufficient?
      • What qualifies for a SAS-70?
      • If a breach occurs, is the outsourcer held accountable or is it the end customer?

    1. The 10 Things You Need to Ask Your Outsourcing Partner
       Timothy Youngblood
       Dell, Inc.
    2. This isn’t new
    3. Approaches to Delivery
       SaaS
       Cloud
       PaaS
    4. New Tech Driving Change
    5. Reduced Sales Cycles
       $$$
       The Enterprise
       SalesForce.com Example
       http://www.youtube.com/watch?v=ae_DKNwK_ms&feature=related
    6. Key Assumptions 1. & 2.
    7. Key Assumptions 3. & 4.
    8. Key Assumptions 5. & 6.
    9. Key Assumptions 7. & 8.
    10. Key Assumptions 9. & 10.
    11. Managing the Risk Option 1
        SAS-70 Type 1 or Type 2 –
        Report on the adequacy of the design and/or effectiveness of controls, performed for a service organization on behalf of its customers by an independent auditor
        *SAS-70 scheduled to be superseded by ISAE 3402 as proposed by the International Auditing and Assurance Standards Board (IAASB); reporting periods ending after June 15, 2011
    12. Managing the Risk Option 2
        Trust Principles (SysTrust, WebTrust) –
        Report on IT-enabled systems including e-commerce systems. It is particularly relevant when providing services with respect to security, availability, processing integrity, online privacy, and confidentiality.
    13. Managing the Risk Option 3
        Agreed Upon Procedures –
        Customized report on management's assertion of controls. Can include standardized framework controls such as COSO, COBIT, ISO-27001.
    14.
    15. Inclusive of a Team
        Team Members
        IT
        Procurement
        Legal
        External / Internal Audit
        Compliance
        Privacy
        Ethics
    16. Think Before You Drink!
        Do you have external security scans/assessments?
        Can you provide your last two tabletop results plus DR plan?
        Is there an escrow agreement?
        How do you meet PCI, GLBA, HIPAA, etc.?
        Are there breach notification requirements in the T&Cs?
        Do you have provisions for privacy requirements?
        How does your attest offering cover my use of the service?
        Can my internal/external audit teams access the facilities?
        Will your Development/Engineering follow my standards?
        Are there subcontractors and how do you manage them?
        Outsourcing
    17. Thank You
        Timothy_Youngblood@dell.com
