Outsourcing in the field of information systems has become a common practice that offers several advantages but also poses security risks that need to be evaluated. These risks can be particularly related to deficient or incomplete contractual specifications.

This guide outlines these risks and the key points to consider when outsourcing the information system. Furthermore, the primary objectives of this guide are to:
 

•  Raise awareness among decision-makers about the security risks associated with any outsourcing operation;
•  Provide a set of preventive measures to mitigate the risks related to an outsourcing operation.
•  It should be noted that the measures listed throughout this guide are not exhaustive. They constitute a minimal base that must be supplemented by specific measures taken by the entity according to its context and security needs.