Abbey National, one of the United Kingdom's largest retail banks, hasn't outsourced its information security to a managed security services provider\u2014yet. But talk to Marcus Alldrick, the bank's head of group information security, and you'll realize that a lot of thought has gone into figuring out how it might be managed and monitored. Alldrick seems to be a firm believer in the merits of tightly specified service-level agreement metrics.But when it comes to selecting a provider, he's far less concerned with its ability to pump out management reports than he is with its overall approach to business. "Information security is a business requirement, not a technical solution," he says. "It's very much about partnership."And in selecting that partner, he warns, be under no illusions as to the downside. "Ultimately, you're looking for a strong assurance that this partner will protect your interestsnot only your information assets but your reputation, your financial standing, your industry standing and the confidence of your institutional investors," he says.