Picking a new IT supplier is sometimes as easy as signing up online. But with the increased importance and liability of handling certain information, it makes sense to ask suppliers to prove they can adequately protect the information they will access, process, handle or store for you.
Here are a few basic questions to ask new suppliers. It is also a good idea and ask these questions of your existing suppliers. If you don’t like the answers, it may be time to look elsewhere.
- What information will they need access to in order to provide the service? Think of it like this, the more sensitive the information, the more thought should go into the security measures employed by you and suppliers to protect it.
- What controls are in place to ensure the security of the information they will have access to, process or store?
- Is the supplier reliant on sub-contractors to deliver the service to you? If so, what contingency plans does the supplier have if a sub-contracted service is disrupted or no longer available?
- Do you have a contact name at the supplier, who you can contact with information security related issues?
- What screening requirements, if any, does the supplier have for personnel? You need to know that only properly vetted and qualified people are handling your information.
If you would like to learn more about a comprehensive information security program and discuss if your business should be looking beyond cyber security, feel free to reach out to us through one of the following methods:
- To contact our MD: Send an email to firstname.lastname@example.org
- To contact our Information Security Manager: Send an email to email@example.com
- Click here to submit a request for us to call back.