12 Questions To Ask Before Outsourcing Your IT (For Safety and Security)

Today it’s imperative that your company adopts a digital way to do almost everything. And more times than not, the most cost and time-efficient way to digitally transform is to hire outsourced IT.

But we know that’s not the only decision you have to make, there’s still a long list of items to consider when you’re looking into outsourcing. At the top of the list? Safety and security of your data and systems. Because data outsourcing decisions are responsible for a large number of data breaches each year, resulting in extreme cost hits to the bottom line.

Customers care about their privacy more than ever. A 2020 study from KMPG, found that 97% of US consumers view data privacy as a concern, and most view it as a human right. A breach of security could mean losing the trust of your clients you have worked so hard to gain.

Before you even consider partnering with an outsourcing company, you need to first carefully audit your internal security strategy. If your internal processes are weak, it will lead to issues down the road, no matter how good your vendor partner is. Once you’re sure you have a solid security strategy in place, you can then start searching for a trusted vendor that will take the same level of care as you do.

Make sure to ask all potential partners the following questions during the interview stage.

1. Who will have access to sensitive data?

Once privacy has been breached, there’s no way to get it back. Therefore it is vital to establish exactly who will access your data and what that data is. Do data engineers need access to confidential information to do their jobs, or can access be restricted? Good data protection practice is to assign different access rights to various members of your offshore team. Under the “principle of least privilege” (Polp), only the team members whose jobs require them to access sensitive data may access it.

2. How do you take care of your own security?

This question might not seem relevant, but if you are outsourcing or sharing resources in any capacity, that means there is a shared risk that your vendor could also come under attack from hackers. If a vendor has access to your data, their systems must be secure; otherwise, they can pose a threat.

3. What security measures will you put in place?

If your outsourced firm will be storing sensitive information on their systems, how will it be protected? Service providers should share what firewall and other security measures have been taken to protect your data and information. Ask for a detailed explanation of what the vendor puts in place to enforce the security of your data.

4. How do you handle sensitive data?

If you’re outsourcing your IT security or data storage, check how your vendor will handle that data. How do they distinguish between sensitive and common data, and how do they educate their staff to keep sensitive data adequately protected?

5. How often is security audited?

Having a secure network takes work, and unfortunately, hackers are always looking for new ways to infiltrate security networks. How can you trust that your data will stay protected in the long term? A good vendor should prioritize security testing and audits every few months. Consistent auditing will allow you to respond to issues and fix them quickly; it will also ensure that your outsourcing partner is capable of providing you with an adequate level of data protection.

6. What administrative measures are in place to keep me protected?

Employee negligence can be responsible for vendor data breaches. When sharing your data with another vendor, you need to ensure that their staff policies keep you safe. Ensure your potential vendor has a firm security policy that includes an information protection policy, internet usage policy, password policy, and corporate email policy. And as an additional precaution, ask your vendor if they’re willing to have their staff members sign non-disclosure agreements to keep your data protected.

7. What types of cybersecurity technology are you using?

Cybersecurity is constantly evolving, which means you will want to choose a vendor that uses a variety of current, cutting-edge, and advanced security solutions to keep your data safe. Ask them about how they stop viruses, spyware, and malware from infecting their systems and your own. They should also be doing regular penetration tests to make sure these systems are strong enough.

8. How physically secure are your servers?

Physical security is somewhat less important than other types of security when it comes to outsourcing, but it’s still a valid question to ask. Remote servers can be prone to physical damage, and it makes sense that you would want to know what type of physical security is keeping them protected. Ask the outsourcing vendor what their security strategy is and how they plan on the upkeep.

9. What is their data recovery plan if a disaster should take place?

Whether physical or digital, disasters can happen, and every competent outsourcing firm should have a plan in place for data recovery. It’s easy to assume that when data is kept in the cloud, it’s always recoverable, but that’s not always the case. Ask about how often your information will be backed up to prevent complete loss of data. Another aspect to consider is the failure of your services. If your vendor has bundled together a range of outsourced services, there is potential that when one fails, they all fail. While it may be cheaper to opt for bundled services, it could put you at a higher risk of cross-functional failure.

10. Does your data protection stay compliant with privacy laws?

Data privacy and data protection are two different things. Data privacy is the rules and regulations regarding who can access certain types of data. Data protection is the process of securing data. The data protection efforts of your chosen vendor must keep you in line with any privacy laws your country may have. Ensure they are knowledgeable, or what their plan is to become knowledgeable, about your specific data protection needs.

11. How much experience have you had in highly regulated and secure industries?

Working in highly regulated and secure industries forces vendors to have the utmost secure data protection and work in their client’s processes. Industries like banking and healthcare have highly sensitive data that is regulated by local and federal government laws, requiring vendors to be mobile and agile in working within an already established process. If a vendor that you’re talking to has already worked in any regulated and secure industries, it’s a high testament to their ability to work within any industry.

12. Does your business operate under the same legal entity in the United States as it does abroad?

When working with a company outside of the United States, you run the risk of working with two separate legal business entities operating under the same name. This can cause legal risk, especially if you ever need to file a lawsuit. It’s important to ensure the business you are working with in the United States and their overseas counterpart are legally linked. For example, Novacomp’s offices in Miami, the United States, San Jose, and Costa Rica are the same legal entity operating under the same name.

Take Note Of How Vendors Respond To Your Questions

If data security and privacy are essential to your business, you must choose a vendor that takes security seriously. If a vendor takes their time to answer these questions and makes sure that you understand the answers, it’s a sure sign that they are heavily invested in your security.

At Novacomp, we work with our clients to ensure they understand all aspects of the outsourcing process. In our industry, getting security right is our number one priority. Proudly backed by ISO certification, and with over 22 years of experience, we walk you through the outsourcing process, answer your questions, and ensure that your security concerns are answered.

Need help accelerating your IT capabilities?

Reach out to our team and learn more about how we can help you. Take care.