EPI’s governance and risk management principles clearly state:
When a data center outsources maintenance,operational work can be outsourced, but risk cannot be transferred.
Risk may beshared, mitigated, or reduced through contractual arrangements, butownership remains with the data center service provider.
The data center operator is still responsible for ensuring compliance, operational continuity, and safety—even if another party performs the maintenance tasks.
Therefore:
The service provider must remain involved in risk evaluation, risk treatment, and ongoing monitoring.
Oversight responsibilities cannot be delegated.
OptionsCandDare incorrect because outsourcing the activity doesnotoutsource risk accountability.
OptionBis irrelevant because risk responsibility does not depend on provider expertise.
Risk ownership remains with the organization even when maintenance is outsourced.
Outsourcing shares risk but does not transfer it.
The data center must maintain involvement in the risk management process.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit