IT outsourcing and cybersecurity: if you have chosen to outsource your IT infrastructure and entrust its management to one or more external companies, this is a good solution.
However, here are a few rules to bear in mind and to include in the contract signed with the IT service provider.
After all, whatever happens, the onus is on the SME’ s manager .
Choosing a specialized IT service provider
Certification to recognized data protection and information security standards, or independent third-party audit reports, can be useful when choosing a service provider.
However, you are not obliged to choose a certified partner.
But it’s a good idea for IT service providers to be able to show that they meet your requirements, and that they can provide the availability and security you need.
Have this analyzed or confirmed by an independent service.
Find out more about the provider in advance, by consulting reviews or talking to other SME managers.
In Switzerland, the CyberSeal label confirms that an IT service provider meets certain requirements.
Perform safety audits
Regular checks should be carried out to ensure that the services defined in the contract are carried out according to a recognized audit standard, e.g. COBIT (Control Objectives for Information and Related Technology) from theISACA (Information Systems Audit and Control Association).
Use the services of independent auditors.
IT service providers can also obtain ISAE 3402 Type 2 (International Standard on Assurance Engagements) certification, also known as a SOC 2 (Service Organization Control) report.
The control body assesses security, availability, integrity and confidentiality.
Collaborate with other SMEs
If your SME is not financially in a position to purchase all the services of an IT service provider, collaborate with other interested SMEs.
This offers you better purchasing conditions and reduces acquisition costs.
And in Switzerland, Cyber-Safe, the Swiss cybersecurity label for SMEs, helps you take control of your security.
If you’re looking to outsource your IT services, and in particular to ensure that your company’s IT security is in safe hands, don’t hesitate to call on our experts.
