Technology providers for businesses should hold their internal practices to a high standard, especially relating to security and threat management. With that in mind, here are four questions business leaders can ask when evaluating how an IT provider approaches security for their internal organization and customers.
1. What external security/process audits do you conduct?
It’s one thing to say you’re secure. It’s another to pay someone to audit your processes and evaluate your claims. Does the IT provider have third-party reports of SOC 2, HIPAA, or PCI security audits?
2. Are you compliant?
No provider will be able to hand you a sheet of paper saying, “We are 100% compliant.” So your task is to discover how comfortable they are with the idea of compliance and how seriously they take their role in maintaining your data’s security. Keep in mind that if you are bound by compliance regulations, then a service provider handling your data is bound by the same regulations. Try to gauge their understanding of their compliance obligations.
Also good to ask (healthcare providers only): Can I see a copy of your Business Associate Agreement?
3. What security measures do you have in place?
How do they secure themselves? Do they “walk the talk”? This is especially important if the provider is hosting your data in their own data center.
4. How can you help me achieve compliance?
What security services can this company offer your business? Technology itself can’t make an organization “compliant,” but a security-minded IT provider should be able to help you reach your compliance goals.
Also good to ask: Depending on your industry, you may want to ask about your specific compliance concerns. For example, healthcare providers will need to ensure that HIPAA compliance is maintained at all times. Companies dealing with sensitive financial information will need to ensure full PCI
Business leaders must also engage in both technical and non-technical conversations to evaluate whether a provider can really meet their company’s needs. C Spire Business has put together a guide that outlines the best questions to ask when evaluating an IT provider as a technology partner.