Cybersecurity is an ongoing concern for all organizations. When user organizations enter into sourcing relationships, they need to segregate responsibilities on security controls in the context of the managed service. The user organization typically provides a copy of its security policy for service providers, who then answer the tender with reference to their established information security management system. We observed that neither the party in charge nor the party transferring responsibilities are drilling into depth of each other’s security regulations.
With the threat of cyber warfare with increasing supply chain attacks improved risk awareness is essential.