Safe Outsourcing...
How can companies practice "safe outsourcing"? Here is what the Tucson-based Ponemon Institute, a think tank dedicated to advancing ethical information and privacy management practices in business and government, recommends. Read this.
-Integrate information security and privacy into the vendor selection process.
-Appoint a high-level officer to assume responsibility for evaluating vendors for adequacy to meet corporate policy and legal requirements.
-Evaluate historical experience and reputation of the vendor. One way is to look at complaints and trace patterns back to a given activity or campaign under the control of the outsourced vendor.
-Consider the vendor's location, critical infrastructure and national backbone issues.
-Consider cultural and ethical dimensions that may impact due care in the maintenance and protection of customer or employee information.
-Perform site evaluations and, when appropriate, consider an independent audit.
-Provide good faith disclosure to customers about outsourcing risks (including a fair redress process to report problems directly to the company).
-Ensure the vendor performs background checks and provides good supervision of its employees.
-Ensure the vendor has an upstream communication mechanism for security and privacy breaches immediately after they occur.
-Balance sound information security and privacy risk management against economic (cost minimization) objectives.
Here for more.