|
Article 13
|
(Termination, Rescission, or End of a Project)
- After a project is terminated, rescinded, or ends, an organization shall immediately suspend the authorization physical access and logical access grantedto an information service supplier, and reclaim, or request the information service supplier to destroy, the organization’s information assets and trade secrets; where necessary, the organization may request the information service supplier to prove such destruction.
- An organization shall define the requirements for service continuity following the termination of IT outsourcing, including the following:
- information security requirements with which the initial information service supplier and the organization shall comply, if it is decided the product or service is to be transferred by the initial information service supplier back to the organization or to another information service supplier
- the organization’s information assets which are used in the IT outsourcing project, to facilitate their return to the organizationin an intact form, or ensure their destruction or transfer to another information service supplier,upon termination of the project
- the procedure for the above return, transfer, or destruction, and supporting documents to be presented where necessary
- the survival of the confidentiality undertakings after the IT outsourcing is terminated
- time limit for the completion of the termination procedure
|