When choosing a digital transformation partner, you’re not merely choosing a vendor of software or a provider of services. You’re choosing a partner with whom you’ll construct a vision for the future of your business. Security is integral to that vision. Here are some questions to ask of, and issues to address with, your potential digital transformation partner to determine if they’re up to the task:
Which laws, rules, regulations, guidelines, etc. (“guidelines”) apply to my enterprise’s systems and the data stored on those systems?
Your digital transformation provider will be able to compile a complete list of all guidelines applicable to your particular type of organization, your industry, where you do business, where data is being delivered and where it’s coming from, and who the end users are and where they are located. Here are the guidelines your digital transformation provider should, at a minimum, be aware of.
Describe your level of compliance with guidelines.
Your digital transformation provider will be able to compile a complete list of all certifications, registrations, accreditations, and the like, what they mean, and why they’re necessary. Here’s ours, and stay tuned for a much more in-depth discussion of that next week on the Exela Blog.
What mechanism do you have in place for staying abreast of changing guidelines?
This is always an important question, and your digital transformation provider should have a regular process by which it stays current on what guidelines are applicable, whether and how they’ve changed, and what changes must be employed to comply therewith.
What security technologies do you currently deploy?
This could include software, encryption methods, digital firewalls, etc. Which of these are proprietary versus third-party provided? What mechanisms are in place for keeping up with the latest security technologies? What’s next on the horizon right at this very moment? What challenges do you see as a result of current technological limitations?
Who is your security team comprised of?
Who is in charge of leading the security team? Which departments are involved? What is the structure, and who reports to whom? How does the team interact with my enterprise?
Which of your staff members will interact with mine in connection with systems and data?
Will they only be employees? Or might they be consultants? What security clearance is required to bring such persons on board with regard to this particular project/set of projects? What training/education do you require of such persons with regard to system and data security?
What security measures are in place at the facilities where you provide systems, storage, and/or services?
What methods are employed for monitoring the security at such facilities? Who has access to such facilities, how is access determined, and how is access enforced? These questions should address both physical security of facilities and equipment and user credentials. Learn about Exela’s secure MegaCenters here.
What are your system change controls?
In other words, what is the procedure for modifying/patching relevant systems, notifying affected parties, and minimizing adverse impact?
What sort of monitoring are you doing to identify security threats before they become incidents?
How often are you auditing the systems under your care? How do you detect potential breach incidents? What is your standard breach response procedure?
What are your disaster recovery contingency plans?
Stay tuned for the last post in this series on Leveraging Cybersecurity to Master Your Domain, in which we address the security standards Exela meets for itself and its customers. If you missed the earlier posts in this series on cyber security, you can catch up here on: