STAMFORD, Conn. – As credit unions continue outsourcing various parts of their technology and business process infrastructures, they need to make sure their new partners are keeping things secure. Before they sign. "The key to successful and secure outsourcing agreements is understanding the security and privacy risks for a business process, application or technology function early in the outsourcing decision process," says Kelly Kavanagh, a senior analyst at Gartner Inc. Kavanagh recommends that enterprises audit prospective enterprise service providers (ESPs) to make sure that their policies and controls meet the clients' security standards. Included would be regulatory compliance requirements and other industry-specific concerns, such as privacy laws. And, Kavanagh says, organizations that can't do such a security audit themselves should requires ESPs to prove themselves that they've had one done by an independent third party. If audits aren't available, organizations should use scanning services to ensure against vulnerabilities in the outsourcer's applications and gateways, and should continue to do so periodically even when audits are available. The think firm analyst adds: "An enterprise's security staff should be at the table from the start of the process and throughout the life cycle of the outsourcing deal. "The security staff should be included in the operations management functions, working with the vendor's delivery management staff as well as the strategic planning function where standards, architecture and integration decisions are made."