The document discusses managing security risks when information technology functions are outsourced to third parties. It covers planning for outsourcing contracts, including assessing security risks, requirements for vendors, and contract terms. It also discusses selecting vendors, administering contracts over time through reviews and audits, and ensuring proper termination of contracts and systems access. Managing security is key throughout the outsourcing lifecycle from initial planning through contract completion.