Guidance for health and care organisations to make sure that the potential security risks that come with using an outsourced provider or supplier for IT or other services are assessed and managed correctly, so that systems and data are properly protected.
The guidance covers:
- assessing outsourcing risks
- contracts and confidentiality agreements
- hiring and training of employees and third party staff
- access controls
- security audits
- responsibilities for contract and supplier monitoring