What it is
An IT services provider is someone external to your business who can help you with technology and security. The provider could be:
- a company that specialises in helping other businesses with IT issues
- a contractor you engage as required, or for a certain number of hours a month.
An external IT services provider gives you access to IT knowledge and expertise without having to employ a full-time IT team. This can be especially helpful for small businesses, but large companies may also want to contract out very specialised or complicated security tasks.
How to choose an IT services provider
Consider core requirements
First up, think about:
- your budget
- the provider's location — whether you want a provider who's local to you, somewhere else in New Zealand or based overseas
- your goals – are you trying to save time, outsource some of the more technical work, or have everything possible done for you?
Know your risks
- what your online security risks are
- which risks you can manage yourself, if any
- what you need a provider to help with.
If you haven't already, do a cyber security risk assessment for your business to help you understand the risks your business faces, and the systems and data you need to secure.
Write a list of the requirements you want covered. Start with our top 11, the most important security requirements for your business, along with the risks you've identified in your risk assessment.
Once you have a list, work out which tasks you think you can manage internally, and which ones you would rather outsource to your provider. Discuss these with the provider – there may be areas where they can add more value than you would by trying to do the work yourself.
Work out what you want to ask them for each item on your list. For example, you could ask them about:
- installing software updates — if they will be responsible for applying updates across all the devices and software your business uses, how will they find out when updates are available, and how soon will they install them?
- backing up your data — if they will run backups for you, how often will they do them and where will they store the offline copies? How will they protect your business's data when it leaves your network?
- setting up logs — who will be responsible for setting up logging on your important systems? If your provider does it for you, what will they review the logs for, and what will they do if they find something in them? Where will they store the log files? What will they notify you about and how will they do this?
- creating a plan for when things go wrong — will your provider help when there's a cyber security incident? If so, how will you notify them about it, and what will they help you do?
Look for providers with a proven track record, who provide the services that you need. Get proposals from several providers to make sure you find one who can best meet your needs.
Once you've chosen a provider, make sure they're happy to follow the same security rules you've defined for your staff, like those in your security policy or your password policy.