Topics: 

PS-08-019 Outsourced Facilities Management

Issue Date:  3/20/2008

Review Date: 12/1/2023

PURPOSE

Using an external provider for information processing facilities introduces potential security risks and requires additional precautions to be incorporated into service contracts compared to contractors providing IT services within the physical control of the State.  This policy establishes the requirement for agencies to identify and address these concerns in the service contracts for providers entrusted to manage State information systems in their facilities.

SCOPE and AUTHORITY

O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers

O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers

PM-04-001 – Information Technology Policies, Standards and Guidelines

PS-08-005 – Enterprise Information Security Charter

POLICY

Contracts and service agreements for outsourcing management of State information processing facilities to an external service provider shall detail explicit security requirements and controls including adherence to all applicable state and agency security policies and standards necessary to adequately protect the information resources entrusted to the third-party.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Third Party Security Requirements (SS-08-049)

Facilities Security (SS-08-015)

Computer Operations Center Security (SS-08-016)

Personnel Identity Verification and Screening (SS-08-017)

Outsourced IT Services and Third-Party Interconnections (SS-08-044)

 

Related Files