Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

A.14.2.7 - is a developer hired as a consultant considered outsourced development?

  Quote
Guest
Jakob Created:   Oct 18, 2021 Last commented:   Oct 25, 2021

A.14.2.7 - is a developer hired as a consultant considered outsourced development?

We're a software development team of 3 persons. 2 of the persons are hired directly as employees in our company but the third developer is hired through his own company, which means that legally he is a 3rd party. BUT he only works with us for the time being, being supervised by the two other developers and in every other way working as if he was practically hired directly by us in our company. Is this considered "Outsourced development"? I mean it's not like we've engaged a large company to do the development for us. The only difference is that he is sending invoices to get paid while the two other developers are getting their salary as employees.   So - is a developer hired as a consultant considered outsourced development?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
Jakob Oct 18, 2021

Addition:
In general many of us (including my self acting as Compliance Officer) are engaged via our own companies and invoicing for our salary instead of being hired directly by the company. In all other aspects we're the same as the employees - should we treat ourselves as 3rd parties or employees? I mean in terms of security awareness training, confidentiality statements etc. 

Quote
0 0
Expert
Rhand Leal Oct 21, 2021

From an ISO 27001 point of view, when a person works full-time for a company, and the company controls all aspects of his/her work, then this person can be considered as part of the scope - not as a third party.

Quote
0 0
Guest
Jakob Oct 21, 2021

Alright thanks. But legally I guess we would have to treat him as a third party, right? I mean we have a Third-Party Confidentiality Statement and we have a Employee Confidentiality Statement. Legally it would not make sense to treat a person engaged through his own company as an employee in this aspect. Do you agree?

Quote
0 0
Expert
Rhand Leal Oct 25, 2021

Yes, legally you have to treat this person as an employee of a third party, but even then you can require this third party that their employees follow the internal rules (policies and procedures) of your own company.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 18, 2021

Oct 25, 2021