3.4.2 Outsourcing
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 |
Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right
Principle
The Member Organization should define, implement and monitor the required cyber security controls within outsourcing policy and outsourcing process. The effectiveness of the defined cyber security controls should periodically be measured and evaluated.
Objective
To ensure that the Member Organization's cyber security requirements are appropriately addressed before, during and while exiting outsourcing contracts.
Control Considerations
| 1. | The cyber security requirements within the outsourcing policy and process should be defined, approved, implemented and communicated within Member Organization. | |
| 2. | The cyber security requirements regarding the outsourcing policy and process should be measured and periodically evaluated. | |
| 3. | The outsourcing process should include: | |
| a. | the approval from Saudi Central Bank prior to material outsourcing; | |
| b. | the involvement of the cyber security function; | |
| c. | compliance with the Saudi Central Bank circular on outsourcing. | |