Sample Outsourcing PolicyOutsourcing Policy

The outsourcing policy is twenty (20) pages in length and defines everything that is needed for a function, department, or area to be outsourced. 

The policy comes as a Microsoft Word document (Word 2003 & Word 2007) that can be modified as needed.  The template has been updated to include an ISO 27001 audit program definition. The policy template includes:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities

Note: Look at the Practical Guide for Outsourcing over 110 page template for a more extensive process for outsourcing which includes a sample contract with a sample service level agreement

Sample Outsourcing PolicySample Outsourcing Policy



Other Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format for those clients who just need this particular policy.  All policies are Sarbanes-Oxley compliant.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.



Outsourcing Policies and Procedures News

Backup endpoints are critical for business continunity

March 17th, 2014

When considering endpoint backup options, be sure you're making the right decisions. Protecting data on endpoints has become more challenging because of recent trends like exponential data growth, the rise in endpoints, BYOD, and SaaS applications. Protect your corporate endpoint data by avoiding these common backup mistakes:

  • Relying solely on desktop backup puts over a quarter of enterprise data at risk
  • Neglecting the end-user experience causes users to disable intrusive backup
  • Comparing upfront costs alone may mean you pay more long term
Disaster Recovery Security Cloud DRP Security Incident Communication Policy Security Audit Program
 Order Disaster Plan TemplateDisaster Plan Sample

- more info

Communications key to business continuity

February 17th, 2014

Many business managers have found out the hard way the missed opportunities of not implementing a cloud-based communications solution. Winter snow storms and hurricane Sandy have opened CIO's eyes to the vulnerability and limitations of the premises-based communications system. Many firms on the East Coast just were not able to get back in business after those events.

  • 43% of companies experiencing disasters never reopen, and 29% close within two years.
  • 93% of businesses that lost their data center for10 days went bankrupt within one year.
  • 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.
Disaster Recovery
 Order Disaster Plan TemplateDisaster Plan Sample
- more info

After a breach event - what to do

February 2nd, 2014

One of the greatest assets of the vast majority of organizations consists of digital bits of information, not their physical holdings. Increasingly, data stored in databases, file management systems, flat files, spreadsheets, and other information storage formats is the linchpin for enterprise success. Intellectual property, transactions, and records to name a few are fueling business because that information is the currency upon which business operations function. Organizations are creating and using data at an unprecedented level, as represented in the demand for storage capacity.

After a data breach, following five steps:

  • Know what you have and prioritize by risk levels
  • Define what "good" looks like
  • Harvest system state information from your production systems
  • Perform a reference node variance analysis to identify compromised systems
  • Remove suspect systems from the environment and return to a trustworthy state

Order Security ManualTable of Contents

- more info

Winter weather can cause business interruptions

January 3rd, 2014

Disaster Recovery and Business Continuity plans need to consider natural weather and events. The effects that natural events have on the environment directly and indirectly may be harmful to people. Forest fires and volcanoes harm air quality. Hurricanes and floods can contaminate water supplies and damage wastewater facilities. Any of these can spread contaminated materials into the environment.

Weather Disasters
 Order Disaster Plan TemplateDisaster Plan Sample
- more info

Disaster Recovery Digest - current articles on Disaster Recovery and Business Continuity

December 15th, 2013

Disaster Recovery Digest - current articles on Disaster Recovery and Business Continuity.

Disaster Recovery
 Order Disaster Plan TemplateDisaster Plan Sample
  1. 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud 10 Backup best practices -  supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...
  2. Importance of Business Continuity ...
  3. Top 10 tips for Disaster Recovery in a Small Business – best way to protect your data Disaster Recovery for a Small Business Baseline for best practices defined in Janco’s Disaster Recovery Business Continuity Template. As requirements for avoiding downtime become increasingly...
  4. Business Continuity Plan Has to be in Place Now Business continuity plan is something that every organization needs to have in place before a disaster happens.  Every day somewhere in the world disasters are...
  5. IBM Business Continuity Plan Services Business Continuity Services Video Business continuity video is good overview of what IBM thinks about this...
- more info