Application Service Provider

Topics: Confidentiality, Information security, Application service provider Pages: 2 (617 words) Published: April 29, 2013
Application Service Providers (ASP) Policy
Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu 1.0 Purpose This document describes Information Security's requirements of Application Service Providers (ASPs) that engage with . 2.0 Scope This policy applies to any use of Application Service Providers by , independent of where hosted. 3.0 Policy 3.1 Requirements of Project Sponsoring Organization The ASP Sponsoring Organization must first establish that its project is an appropriate one for the ASP model, prior to engaging any additional infrastructure teams within or ASPs external to the company. The person/team wanting to use the ASP service must confirm that the ASP chosen to host the application or project complies with this policy. The Business Function to be outsourced must be evaluated against the following: 1. 2. 3. 4. The requester must go through the ASP engagement process with the ASP Tiger Team to ensure affected parties are properly engaged. In the event that data or applications are to be manipulated by, or hosted at, an ASP's service, the ASP sponsoring organization must have written, explicit permission from the data/application owners. A copy of this permission must be provided to InfoSec. The information to be hosted by an ASP must fall under the "Minimal" or "More Sensitive" categories. Information that falls under the "Most Sensitive" category may not be outsourced to an ASP. Refer to the Information Sensitivity Policy for additional details. If the ASP provides confidential information to , the ASP sponsoring organization is responsible for ensuring that any obligations of confidentiality are satisfied. This includes information contained in the ASP's application. 's legal services department should be contacted for further guidance if questions about...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Erp as Software as a Service (Saas) for Smes Essay
  • Services operation Research Paper
  • Essay on Service Provider
  • Data Entry Service Provider Essay
  • Logistic Service Provider Essay
  • Positioning Strategies for Service Providers Essay
  • A Comparative Study of Factors Affecting Customer’s Perception for Different Mobile Service Providers” Essay
  • Service concept Research Paper

Become a StudyMode Member

Sign Up - It's Free