1. Define key roles and responsibilities (e.g., for the outsourcing coordinator, business-department managers, etc.).
2. Establish and maintain comprehensive
written policies and procedures.
3. Create a centralized database of service providers to monitor risk ratings, compliance requirements, and overall performance.
4. Establish a "risk rating" methodology that includes provisions for rating definitions and scope-frequency of review.
5. Define and document relationship strategies based on the risk assessment-rating.
6. Ensure regulatory requirements are being met by conducting periodic self-assessments.
7. Provide for thorough due-diligence with detailed checklists.
8. Provide for comprehensive contracts and service level agreements that incorporate regulatory requirements and relevant performance standards.
9. Ensure that service providers' information security programs are consistent with the requirements and your expectations.
10.Stay current with industry best practices and regulatory requirements for outsourcing and service provider management.
