ISMS Control of Outsourced Processes
ISMS Control of Outsourced Processes
ISMS Control of Outsourced Processes
Internal document
Procedure Ref : PO-DSIXXX
Version : 0.1
Control of Outsourced Processes Date : 26/09/2020
Page : 2/3
1 Introduction
2 Scope
This procedure sets out how VOICECOM identifies and controls outsourced processes that
may pose a threat to our information security.
3 Revision History
Revision Date Record of Changes Approved By
0.1 09.26.2020 Initial Issue
5 References
Standard Title Description
ISO 27000:2014 Information security management systems Overview and vocabulary
ISO 27001:2013 Information security management systems Requirements
ISO 27002:2013 Information technology - security Code of practice for information security
techniques controls
ISO 19011:2011 Auditing Management Systems Guidelines for auditing
6 Definitions
an “outsourced process” is a process that is required by VOICECOM, but which
VOICECOM chooses to have performed by an external party
“staff” and “users” means all of those who work under our control, including
employees, contractors, interns etc.
7 Responsibilities
The <ISMS Manager> and the <Purchasing Manager> are jointly responsible for all aspects
of the implementation and management of this procedure unless noted otherwise.
informing the <ISMS Manager> about any processes they wish to outsource which
may have implications for information security
ensuring that all staff under their control understand and undertake their
responsibilities accordingly.
9 Records
Records retained in support of this procedure are listed in the ISMS Controlled Records
Register and controlled according to the Control of Management System Records
Procedure.