November 2023

Managing Security Risk When Going Offshore

Develop Evaluation, Mitigation and Recovery Strategies Before Developing Software Offshore

This month we continue with the theme of offshore development best practices.  Whether you are exploring offshore development to solve cost or skill availability pressures, you should also think about:

  • Developing a strong evaluation framework to select the right partner,
  • Deploying a strong privacy-first technology infrastructure (e.g., VPNs, etc.),
  • Implementing mitigation strategies to prevent security breaches (e.g., HITRUST, SOC2, ISO 27001, etc.), and
  • Codifying a strong security breach recovery plan in case something happens

Compliance with HIPAA, SOC2, HITRUST, etc. is straightforward to implement with some upfront planning.  In this month’s newsletter, we explore a variety of topics around data security when incorporating offshore software development into the mix.



How to Utilize Offshore Vendors Without Breaking the Law

By Healthcare Compliance Pros

The challenge with the HIPAA Privacy and Security Rule when offshoring services is enforcement. It is difficult for the Office for Civil Rights (OCR) to investigate offshore vendors, and for that reason Business Associate Agreements (BAAs) offer limited protection to healthcare organizations utilizing offshore services.

This article outlines some considerations to take into account when outsourcing services to an offshore vendor.



Managing the Security Risks of Offshore Software Development

By Attomus

Offshore software development presents its fair share of security risks, making it imperative for businesses to address and mitigate potential vulnerabilities.

This article explores the various security risks associated with offshore software development and provides valuable insights and best practices for effectively managing and mitigating these risks.



HIPAA Omnibus and Offshore Vendors

By Marianne Kolbasuk McGee

Under the HIPAA Omnibus Rule, partners/vendors are directly liable for HIPAA compliance, including penalties for data breaches. But what happens if those vendors are located outside the U.S.? HIPAA doesn’t say anything about offshore partners/vendors.

Today, the list of patient data-related services provided by offshore vendors to U.S. healthcare organizations is extensive.  HIPAA, unlike certain other federal statutes, does not have explicit extra-territorial reach.

This article offers a good perspective on all these issues.



Q&A: A Guide to Compliance and Third-Party Contracts

By Cesar Cantu

Compliance has become an increasingly relevant yet complicated issue in the services sector, not least because compliance practice has yet to catch up with nearshore services providers.

This article is a Q&A with three compliance experts who provide insights into what compliance actually entails, how it is applied in B2B contracts, and how it should be navigated when third-party providers are involved.

MangoChango’s ability to deliver unquestionable value to its clients is highly dependent on keeping abreast of new technologies and trends. Our clients value this commitment to leading-edge thinking and expertise.

MangoChango’s engineers are experts in a wide variety of technologies, frameworks, tools, and languages, with an emphasis on continuous learning as new thinking, tools, and techniques come to market.

