Any recommended risk assessment methodologies when outsourcing IT?

[aristotelis3 () gmail com]

hello people!

I am doing a masters in Information security and am currently working on my MSc dissertation. I am focusing on 
information risks that arise when outsourcing IT. In particular, when starting an outsourcing relationship, how can we 
manage the additional risks (on top of the ones our own organization has to deal with) to which the outsourcer is 
exposed and consequently exposing our organization? 

Is there a recommended security risk assessment methodology? Is there a proposed risk management framework?