Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Outsourced development

  Quote
Guest
Guest user Created:   Jan 05, 2023 Last commented:   Jan 05, 2023

Outsourced development

I am struggling with the definition of outsourced development at the moment and seek advice.

My CTO’s view is that we do not have any outsourced development which , if true, would mean that we should be able to exclude A.14.2.7. But I am not really sure what I think. We have a small team of developers in another country (Poland) hired by a consultancy firm. We have a dedicated Team leader (hired by us) leading that team (operationally) and the developers in the team are otherwise handled as any other developer in our organisation. Most of them being consultants, the only thing that differ is that the team in Poland is hired by a third party. They follow the same processes, use the same information (located in the management system) and are monitored in the same way as all other developers in our organisation. They are a part of our internal communication with department meetings, company meetings, using our organisations MS Teams etc). They have the same access (depending on their role and their need) and are added in our people register as any other consultant. This is the reason to why we are saying at the moment that we don’t have Outsourced development. But is this enough? Or are we, just because we are using a third-party firm to supply these developers by fact having an outsourced development?

Really appreciate if you take time to read my question and any help to become a bit wiser in this =)

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 05, 2023

Please note that, in a general way, when you have any part of the software development performed by personnel hired by external parties then you have outsourced development, regardless of the level of control your management have over this team, or the organization’s resources they have access to.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 05, 2023

Jan 05, 2023

Suggested Topics