Outsourced Facilities Management (PS-08-019)
Issue Date: 3/20/2008
Revision Effective Date: 3/20/2008
Review Date: 12/1/2020
Using an external provider for information processing facilities introduces potential security risks and requires more precautions in service contracts than are needed for contractors providing IT services within the physical control of the State. This policy establishes the requirement for agencies to identify and address these concerns in the service contracts for providers entrusted to manage State information systems in their facilities.
Contracts and service agreements for outsourcing management of State information processing facilities to an external service provider shall detail explicit security requirements and controls, including adherence to all applicable state and agency security policies and standards, necessary to adequately protect the information resources entrusted to the third party.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Third Party Security Requirements (SS-08-049)
NIST SP 800-53 (Rev. 5) SA-9: External System Services