Development of certification and audit processes of application service provider for IT outsourcing

Abstract ASP (Application Service Provider) refers to an exclusive outsourcing service in which the service provider is given access to the data located in an external data center. Therefore, the security of data and the reliability of the service provider are matters of great importance even when comparing with other information systems. Essential to securing the reliability and efficiency of the ASP service are certification and audit processes. In this paper, we discuss certification and audit processes of ASP services. Our research included: first, a survey of 35 Korean companies’ awareness, advantages and concerns on ASP services. This formed the base of our research. Second, the ASP certification framework and processes required to verify the reliability of ASP services were summarized and case applications were also outlined. Finally, we proposed an audit process aimed at improving efficiency of ASP services. By reference to traditional definitions of information systems and the audit process, new definitions and frameworks for the ASP audit are suggested. The new information system audit processes were compared with traditional ones, and the detailed control items were verified through calculation of their relative importance with respect to ASP life-cycle activities.