How to select a Managed Security Service Provider

With GDPR coming in next year, organisations need to become more aware of what their service providers are doing to protect themselves and, in turn, to protect you. When selecting a provider, be prepared to question them closely so that you can be confident they are delivering the level of protection your stakeholders and clients would expect.

A growing trend amongst Irish organisations is outsourcing specific security functions to managed security service providers (MSSPs). Firewall management, data hosting and vulnerability assessment are just some of the areas organisations now outsource.

The first question to ask is whether they are certified to recognised standards, such as ISO 27001, PCI DSS and Cyber Essentials. It is important to know which standards they are working to, to check that the scope of the certificate actually covers the service you are buying, and to confirm that their own handling of personal data meets GDPR requirements. Data hosting, for example, is a service that organisations frequently outsource. Hosting companies typically keep customer servers in physically secured facilities to which only a small number of authorised staff have access. This gives you a degree of assurance over the environment even though the provider does all of the day-to-day work. Do your due diligence: find out how effective their physical and logical access controls are, how frequently they test their own systems against possible breaches, and whether they will share the results of those tests with you.

No matter which aspects of your security you outsource, remember that outsourcing relieves you of the burden of managing security internally, but it does not transfer accountability: you remain ultimately responsible, and liable, if there is a breach.

Things to consider when selecting an MSSP

  • If you have never worked with an MSSP before, choose one you can verify and trust: ask for references and evidence of certification.
  • Choose an MSSP that understands your business and your customers' needs.
  • Choose an MSSP that is financially stable.
  • Choose an MSSP that is flexible and willing to cater for different business needs.
  • Appoint one person or team as the contact point for the MSSP to ensure smooth communication.
  • Ensure your employees know what the service level agreement (SLA) covers, and what it does not.

Contact us today to learn how ISO 27001 and Cyber Essentials can support your GDPR compliance.

Robert Lyons