The Regence Group, a US health insurance firm, outsourced its IT security function and, while the service provider was responsible for monitoring the electronic perimeter, security management, technology safeguards and administrative procedures remained with the company. Regence appointed a five person team responsible for audit and compliance checking and the team monitored how the provider handled security events. One unexpected benefit was the service provider being able to defend the credi...
BPIR Categories9.3.4 Create & deploy teams
10.5.2 Manage information technology facilities.
11.4.1 Design/conduct internal/external audits