II.C.20(b)     Managed Security Service Providers

Management may rely on third parties to provide security services; management, however, remains responsible for ensuring the security of the institution's systems and information by overseeing the effectiveness of the services provided by the managed security services provider. Additional information is available in appendix D of the IT Handbook's "Outsourcing Technology Services" booklet.


Previous Section
II.C.20(a) Outsourced Cloud Computing
Next Section
II.C.21 Business Continuity Considerations