Data Security Questions to Ask Your IT Provider

Are you planning to hire a new IT provider? If so, you need to ensure that your choice of provider is competent enough to keep up with the ever-changing tactics of hackers. Outsourcing your IT can be a good decision, but it will only be beneficial if you have the right people to handle it for you.

But before you ink the deal, make sure that you ask the IT provider the following questions:

What certificates do you currently hold?

Depending on the industry you are in, you might be required to comply with the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standards (PCI DSS). Your choice of managed IT provider should be certified to fulfill the demands of such laws. Always ask to see a copy of their certificates to be sure.

Do you have a disaster recovery plan? What does it cover?

A managed IT provider should have a solid disaster recovery plan in the event of a massive breach. This ensures that their clients will experience the least possible impact, both reputational and financial.

When asking about the disaster recovery plan, inquire where your data is stored and what you can expect from them.

How do you handle failed data storage devices?

IT providers need to handle end-of-life hardware and failed data storage properly to prevent data leaks. The provider should have a disposal system that will prevent anyone from retrieving or reusing the hardware.

If your IT provider partners with a third-party service to dispose of the hardware, ask if it’s accredited and certified accordingly.

How many and what type of data centers do you have?

Data centers fall into four different tiers. The highest level, Tier 4, offers the highest possible security since it uses chillers, heating, uplinks, reliable hardware, and more.

Most Tier 4 data centers have a guaranteed 99.995% uptime and better security layers than lower tiers.

Aside from the type, ask how many data centers they use. The more redundant their servers are, the better.

What physical security measures do you have?

Aside from a strong cloud presence and cybersecurity, the IT provider should also have a secured facility. This will guarantee that your data is protected from intruders and unauthorized access.

Remember, the IT provider should value physical security as much as it focuses on cybersecurity. Aside from theft, the facility should also be tolerant of natural threats like earthquakes, flooding, and hurricanes.

Who is my point of contact with your company?

The IT provider must designate a point of contact or account manager for every client. This way, you can quickly raise issues and receive updates in real time.

An IT provider with no clear means of communication isn’t a great choice. Take your time and look for another option.

How will you notify me in case of a breach?

Businesses are compelled to declare a data breach as soon as possible to every stakeholder. This includes their customers and employees. And since you’re outsourcing your IT, the provider should inform you as it happens. This way, you can plan to mitigate the situation.

