Offshore development center (ODC) Check List

The offshore development center (ODC) is a physical space or office dedicated to projects or customers in the company. Companies can set up a dedicated offshore development center in any location as per business requirements and costs.

but here we are more focused on Information Security when you set up any ODC for your customer what think you need to take care of.

Before Setup ODC

whenever a project or customer approaches you for a new ODC or any new customer onboarded we need to understand their MSA (Master Service Agreement) first whether they need an Isolated ODC or non-isolated or Physical Segregation or only logical Segregation or both.

• is Isolated or Non-Isolated ODC
• Is physical Segregation required?
• is Dedicate Internet required?
• No.of Associate in the project.
• is within ODC Segregation.
• is a surveillance camera on IN and OUT gates?
• is Tailgating control functionality required?
• is a non-shared HUB room or network switch room required?
• are printers required inside ODC?
• is an External Media drive Allowed inside ODC like a pen drive?
• is Mobile Phone allowed inside ODC?
• are personal Assets allowed inside ODC?
• is Voice Port required?
• is Site to site VPN required to configure
• Is a client-to-site VPN allowed inside ODC?
• Any VDI platform is used.
• Any cloud-based solution used from this ODC.
• Any direct remote Access is given to associates from this ODC.
• Any common desktop required inside the ODC.
• Internet Access is Social media site allowed and category-based internet access

After ODC setup

• Check all systems getting the right IP from the given VLAN.
• Check all required URLs and destinations are allowed from the firewall.
• Check all required services are accessing E.g AD, AV, SCCM.
• All logs are configured and monitoring in place
• All Cameras and Access devices are working.
• Hubroom or switch room labeling has been done.
• Workspace labeling has been done
• The client-to-site VPN working and the associate is able to access the required services.
• if the category based internet-enabled, check if any not allowed URL accessing or not

We need to verify all control which is defined in MSA or ODC requirement document. make sure all control is applied and tested before the handover ODC for Production use and after the handover have the right approval process in place for any change.