Protecting data when outsourcing

The latest Tech Essentials guide looks at protecting data when using outsourced services. As usual, it is a mixture of advice, case studies and checklists.

Vary by size – or complexity?

How an organisation tackles the due diligence process for data protection while outsourcing will vary greatly. Now so many products and services can be accessed remotely, the list of outsourced possibilities is growing so fast and becoming so diverse that is can seem never-ending. The operational structure of an organisation, the process or task being outsourced, the type of data in scope and the applicable data protection legislation will all play a role.

However, the principles outlined in the guide are applicable to any organisation considering outsourcing. Accountants are seen as key advisers to businesses. The guide aims to help finance professionals understand the key issues and help support an organisation during the tendering process.

A 10-step checklist

There is a lot to consider around data when outsourcing and the guide provides some key pointers to tick off in relation to any provider you may be considering; the guide then goes through the points in detail. At the top level these include:

  1. Range of tasks that could be performed
  2. External performance and service levels
  3. Assessing security levels
  4. Internal monitoring and administration
  5. Ownership of data
  6. Compliance with laws
  7. Guidance form regulators
  8. Delivery mechanisms
  9. Risk assessment
  10. Data protection due diligence

The guide also provides a second checklist of 10 key things to consider when preparing the tender for an outsourcing contract, starting with being aware of when a contract comes to an end.

The Tech Essentials Guide to data protection when outsourcing is available free to Tech Faculty members as part of their annual subscription. You can find out more and join online at icaew.com/jointechfac

Anonymous