The 10 Things You Need to Ask Your Outsourcing Partner
Timothy Youngblood, Dell, Inc.
This isn’t new
Approaches to Delivery: SaaS, Cloud, PaaS
New Tech Driving Change
Reduced Sales Cycles $$$ The Enterprise SalesForce.com Example http://www.youtube.com/watch?v=ae_DKNwK_ms&feature=related
Key Assumptions 1. & 2.
Key Assumptions 3. & 4.
Key Assumptions 5. & 6.
Key Assumptions 7. & 8.
Key Assumptions 9. & 10.
Managing the Risk, Option 1: SAS-70 Type 1 or Type 2. Report on the adequacy of the design and/or effectiveness of controls, performed for a service organization on behalf of its customers by an independent auditor. *SAS-70 is scheduled to be superseded by ISAE 3402 as proposed by the International Auditing and Assurance Standards Board (IAASB); reporting periods ending after June 15, 2011.
Managing the Risk, Option 2: Trust Principles (SysTrust, WebTrust). Report on IT-enabled systems, including e-commerce systems. It is particularly relevant when providing services with respect to security, availability, processing integrity, online privacy, and confidentiality.
Managing the Risk, Option 3: Agreed Upon Procedures. Customized report on management's assertion of controls. Can include standardized framework controls such as COSO, COBIT, ISO-27001.
Inclusive of a Team Team Members IT Procurement Legal External / Internal Audit Compliance Privacy Ethics
Think Before You Drink!
  • Do you have external security scans/assessments?
  • Can you provide your last two tabletop results plus DR plan?
  • Is there an escrow agreement?
  • How do you meet PCI, GLBA, HIPAA, etc.?
  • Are there breach notification requirements in the T&Cs?
  • Do you have provisions for privacy requirements?
  • How does your attest offering cover my use of the service?
  • Can my internal/external audit teams access the facilities?
  • Will your Development/Engineering follow my standards?
  • Are there subcontractors and how do you manage them?
Outsourcing
Thank You Timothy_Youngblood@dell.com


The 10 Things You Need To Ask Your Isaca Dublin 05052010 No Notes


Editor's Notes

  1. Thank you. Questions.
     • What are the parts of a SysTrust?
     • How should DR be assessed with your outsourcing partner?
     • Do external auditors determine if a SAS-70 is sufficient?
     • What qualifies for a SAS-70?
     • If a breach occurs, is the outsourcer held accountable or is it the end customer?