Outsourced Facilities Management

PS-08-019 Outsourced Facilities Management

Issue Date:  3/20/2008

Revision Effective Date:  3/20/2008 

 

PURPOSE

Using an external provider for information processing facilities introduces potential security risks and requires additional precautions to be incorporated into service contracts compared to contractors providing IT services within the physical control of the State.  This policy establishes the requirement for agencies to identify and address these concerns in the service contracts for providers entrusted to manage State information systems in their facilities.

POLICY

Contracts and service agreements for outsourcing management of State information processing facilities to an external service provider shall detail explicit security requirements and controls including adherence to all applicable state and agency security policies and standards necessary to adequately protect the information resources entrusted to the third-party.

 

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Third Party Security Requirements (SS-08-049)

Facilities Security (SS-08-015)

Computer Operations Center Security (SS-08-016)

Personnel Identity Verification and Screening (SS-08-017)

Outsourced IT Services and Third-Party Interconnections (SS-08-044)