Key responsibilities and accountabilities

POLICY
* Review Client outsourcing policy. Identify changes required for the company's jurisdiction, especially including GDPR, SYSC8 compliance and other local requirements. Agree revised policy with all stakeholders
REGISTER
* Build register of material and non-material outsourcing contracts
* Ensure information contained in the register is necessary, complete and up to date
RISK ASSESSMENT APPROACH
* Define a template outsourcing risk assessment and checklist of risks to be considered, including:
  * Risks to be managed by the vendors and controls assured to the business eg BCM, data security
  * Risks retained by the business as a result of outsourcing eg vendor failure, information disclosure, failure to define service requirements
* Build a standard menu of controls against each risk and describe the implementation of each control eg is it within contract, service management, annual assurance etc
* Define regulatory requirements for all contracts eg right to audit
PER CONTRACT RISK AND REGULATION ASSESSMENT AND REMEDIATION
* In conjunction with contract owners, carry out regulatory compliance and risk identification for all existing contracts, including contract and service review
* Mitigate identified risks for each of these agreements eg obtain annual BCM assurance, negotiate contract changes etc.
MONITORING AND GOVERNANCE
* Define the standards, SOPs and internal governance meetings required at the company to manage outsourcing risk. Agree with EMC (and Group stakeholders if required). Must include meeting terms of reference, meeting agenda items and assurance / evidence required from contract owners
* Define the standards, SOPs and vendor meetings required to manage service and risk.
DOCUMENTATION AND HANDOVER
* Document relevant outsourcing management and governance SOPs, policies and standards
* Oversee one cycle of the framework and hand over to owners