SECURITY MANAGEMENT
Security issues must be addressed with three points in mind:
>> security must be "embedded into the system"; when it is "an add-on" it is much less effective
>> security is first of all a relationship structure and management issue
>> the technical tools, which are nevertheless indispensable, cannot make up for a lack of relationship set-up and management.
In offshore outsourcing relationships "managing security" means "guaranteeing" two aspects: non-disclosure of proprietary information, and service continuity.
The process that yields such "guarantees" is described in ISO standard 17799 "Best practices in information security", which is derived from the methodology universally accepted for formulating insurance contracts. The basic idea is that the "guarantee" cannot be "absolute" (total security does not exist), but must be related to the risks.

Therefore the two aspects mentioned (non-disclosure of proprietary information and service continuity) must be analysed in detail for their component risks, a process known as threat modelling. Once the threats have been identified, the workable solutions and their costs are considered. The solutions may be of three kinds: preventive (technologies or policies), outsourcing-type, and insurance-type.

ISO 17799 allows for the cross-evaluation of solutions against threats to be carried out either through a quantitative analysis (more detailed but more difficult) or through a qualitative analysis (less demanding in terms of data and in fact more widespread).

The result of the analysis is the list of the solutions/devices (tools, procedures and policies, and insurance contracts) which best suit the customer's needs in the light of the specific relationship being defined.
 