Expert Advice Community

Guest

DevOps

  Quote
Guest
Guest user Created:   Sep 20, 2021 Last commented:   Sep 20, 2021

DevOps

If my technology firm outsources DevOps, on an asset register (on which to base a risk register) do I need to know make and model of hardware/software used by the outsourcing organisation or is it sufficient to log that the outsourcing organisation represents a risk as they are a third-party?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 20, 2021

In this case, you only need to include in the asset register the outsourcing organization as a service provider.

Risks related to the outsourcing organization (i.e., risks related to hardware/software used by them) you can handle through the supplier security policy.

These articles will provide you a further explanation of asset register and supplier security:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 20, 2021

Sep 20, 2021

Suggested Topics