1. Identify all sensitive data in a system. Start with the most obvious, but don\u2019t assume anything is "safe."2. Assess the strength of outsourcers\u2019 physical and information security practices before signing a contract with them.3. Build not only the regulations compliance into outsourcing contracts but include specific processes for meeting requirements.4. Include a change control mechanism in the contract so that as situations shift (for example, the outsourcer wants to add foreign nationals to a project), processes can be revised.5. Create security profiles for all workers and lock down foreign nationals\u2019 access to regulated information.6. Employ at least a two-factor method of identification for all users.7. Use an outside company to assess your network security. Find out, for example, if workers can break into the rest of the network when you provide access to a live production server.8. Conduct periodic audits of the outsourcers\u2019 compliance with the federal regulations.