ISO 18788 Clause 7.1.2.4 focuses on the management of subcontracting or outsourcing activities within the Security Operations Management System (SOMS). It outlines requirements for defining and documenting processes, agreements, and terms of reference when engaging with subcontractors or outsource partners. Here's an explanation of the key elements of this clause:
Clause 7.1.2.4 - Outsourcing and Subcontracting:
- Clearly Defined Process: The organization is required to have a clearly defined process for subcontracting or outsourcing activities, functions, and operations related to security operations. This process should ensure that engagements with subcontractors or outsource partners are well-managed.
- Documentation of Terms of Reference and Codes of Conduct: The organization must establish, document, communicate, and monitor compliance with specific terms of reference and codes of conduct for subcontractors and outsource partners. These terms should relate to security operations and the respect for human rights.
- Documented Agreement: When entering into subcontracted or outsourced arrangements, the organization must have a documented agreement that covers various aspects, including:
  - a) Commitment by subcontractors to abide by the same legal, ethical, and human rights commitments and obligations as held by the organization. This ensures that subcontractors align with the organization's values and standards.
  - b) Process for reporting risks, occurrences, and responses to undesirable and disruptive events. This helps in maintaining transparency and effective risk management.
  - c) Confidentiality and conflict of interest agreements. These protect sensitive information and prevent conflicts that may arise during subcontracting.
  - d) Clear definition and documentation of the services to be provided. This ensures clarity regarding the scope of work.
  - e) Scope and limitations of command and control. This defines the boundaries of authority and responsibility.
  - f) Definition of the support relationship between the contractor (organization) and the subcontractor. This outlines how support will be provided and received.
  - g) Conformance to the applicable provisions of ISO 18788. This ensures that subcontractors adhere to the requirements of the International Standard.
In summary, this clause emphasizes the need for a well-defined process and documented agreements when subcontracting or outsourcing security operations-related activities. It also ensures that subcontractors and outsource partners align with the organization's legal, ethical, and human rights commitments. Clear communication, documentation, and compliance monitoring are key aspects of managing these relationships effectively within the SOMS.