3.4.2 Outsourcing
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
The Member Organization should define, implement and monitor the required cyber security controls within outsourcing policy and outsourcing process. The effectiveness of the defined cyber security controls should periodically be measured and evaluated.
Objective
To ensure that the Member Organization's cyber security requirements are appropriately addressed before, during and while exiting outsourcing contracts.
Control Considerations
| 1. | The cyber security requirements within the outsourcing policy and process should be defined, approved, implemented and communicated within Member Organization. | |
| 2. | The cyber security requirements regarding the outsourcing policy and process should be measured and periodically evaluated. | |
| 3. | The outsourcing process should include: | |
| a. | the approval from SAMA prior to material outsourcing; | |
| b. | the involvement of the cyber security function; | |
| c. | compliance with the SAMA circular on outsourcing. | |