29 March 2023
In our February newsletter we talked about the need to ensure that any third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information. One step you can take to improve in this third-party risk area is to consider the level of due diligence you apply, upfront and on an ongoing basis, to each of your third-party engagements.
What are some of the due diligence considerations to take into account when selecting an IT service provider or managed service provider (MSP)?
A major component of your checks should be to understand how they access and look after their customers’ systems and data, plus how they secure their own systems and data. Any shortcomings in a provider’s security processes, procedures and practices could result in a security incident that has the potential to compromise your organisation and data.
What should the focus of your attention be?
A high-level list of topics and questions we recommend you include as part of a vetting exercise is:
The 8 examples above certainly don’t cover the full extent of the in-depth questioning you should apply when conducting a thorough check of an IT service provider or MSP. Other key topics to cover are: company and personnel background; compliance considerations; documentation (policies, processes and procedures); risk assessment and penetration testing arrangements; and insurance cover.
Contact Mike to discuss how we can assist your organisation to conduct due diligence on your IT service provider or MSP.
Click here to find out about our Third Party Information Security Risk Review
Wellington Shire Council deployed Policy Management as a Service to its team of 300+ people. Read about some of the policy challenges they previously faced and how the new service has assisted the organisation and Max Horvath (Coordinator of ICT Operations) to implement a comprehensive suite of new policies within a short timeframe.
Read the Wellington Shire Council Case Study
Harbour Software provide fully integrated cloud-based agenda and minutes solutions to optimise business processes and elevate efficiencies in the Local Government sector. The company understands that their existing and potential clients rely upon them to have, and to be able to demonstrate that they have, good security practices in place. They recognise their responsibility to have good foundational policy guidance in place to assist them to achieve this. Read about how their Policy Management as a Service project helped them to meet that requirement.
Read the Harbour Software Case Study
Contact Steve to discuss our Policy Management as a Service.