
    "Start thinking security early in the procurement process"

    #security

    Mikael gives expert advice on information security and outsourcing

    February 7, 2020

    When you go about procuring a new system, evaluating it based on usability, adaptability and how well it matches your internal processes is a no-brainer. Something that may not be quite as obvious for future system users is the information security aspect. Before initiating a procurement of IT outsourcing, it is important to define the information security requirements and to make sure that a potential system supplier can meet them.

    Mikael Söderberg works with information security at Telia and heads the CIS Security Team. He has solid experience of information security demands from both a procurement and supplier perspective. Now he has written a guest blog post to help us figure out how to best address security when procuring a system like Telia ACE.

    Start out with classification and risk analysis

    When it comes down to it, information security is about making sure that you have the right level of protection for your various information types. Protecting all information in a business would hardly be possible and would certainly not make economic sense; instead, it is important to figure out what information needs protecting. In practice that means that only authorized persons shall be able to access the information, that the data is always correct and that it is available when you need it. To evaluate what the right level of protection is, the first step is to classify your information.

    Information classification is the basis for good information security work and is a process where you define which information is worth protecting, in what respect and on what level. Some data may for example not under any circumstances fall into the wrong hands, and other information must always be available.

    Following classification, a natural next step is to make one or several risk analyses to evaluate which risks handing over that information to an external party poses, as well as what the information needs protecting from during the contract period.

    Develop clear requirements for systematic information security work

    After classification and risk analysis, the work of establishing the actual requirements begins. Here my recommendation is to deliver clear and actionable requirements to the supplier together with your assessment of what is necessary for the information to be handled in a safe way. Since compliance is a vital part of information security, it may also be a good idea to ask the supplier for an ISO certification. Alternatively, ask questions to establish whether the supplier works systematically with information security. Also ask to gain insight into the intended supplier’s system for information classification and compare how well it aligns with your internal structure.

    For us as a supplier, it also gives us the opportunity to inform the customer if we do not think that a certain type of information belongs in our system. For example, we do not handle sensitive personal data such as union membership or religious affiliation in Telia ACE.

    Before you sign any agreement, it is also important to have a plan for changing suppliers in the future. You need to be able to take back the management of the outsourced function and to extract your data without suffering too much operational damage.

    Mikael Söderberg, head of the CIS Security Team

    Mikael shares his expertise on information security best practices in an outsourcing context.

    Ensure that your intended supplier treats personal data (at least) as well as you do

    Make sure to sign a data processing agreement (DPA) with the supplier to assure that the personal data that is handled by the supplier will be protected in the same way as if you handled it yourselves. If the supplier uses subcontractors, they also need to follow the established requirements regarding information security.

    Ask for routine descriptions of how the supplier can help you uphold the individual’s rights, meaning the right to have data corrected, erased or blocked, or to extract or move their data. Also ask about the policies regarding security incident management and how you will be informed about a security incident that has taken place.

    Get the professionals involved

    There’s a lot to gain from involving the security organization early in the procurement process. The requirements you present to your supplier should mirror your internal requirements as well as the external requirements that you are subject to by authorities and laws. As a supplier we would rather not have an extensive security attachment presented to us late in the process, and are much happier when we can evaluate our customers’ requirements in a calm and methodical way.

    We’re here to talk security

    If you are about to outsource, there’s a lot to think about. If I were to point out a few advantages of Telia as a supplier, I would mention that we have an extensive security department and are certified according to ISO 27001. We can also provide a single point of contact for security matters: a person who is well versed in the customer’s environment. We consider information our core business and best-of-breed security work is in our genes.

    In a hurry? This post in five seconds!

    • Start thinking security early in the procurement process. Involve pros
    • Classify information based on need for protection and risk. Define requirements from there
    • Routines, especially surrounding personal data, are super important. Certifications (both for yourselves and for potential suppliers) can serve as seals of quality