Te whiriwhiri i tētahi kaiwhakarato IT

Choosing an IT service provider

Outsourcing some of your online security needs to an IT services provider could help to reduce your risk. Here's what to think about before choosing one.

What it is

An IT services provider is someone external to your business who can help you with technology and security. The provider could be:

  • a company that specialises in helping other businesses with IT issues
  • a contractor you engage as required, or for a certain number of hours a month.

An external IT services provider gives you access to IT knowledge and expertise without having to employ a full-time IT team. This can be especially helpful for small businesses, but large companies may also want to hire out very specialised or complicated security tasks.

How to choose an IT services provider

Consider core requirements

First up, think about:

  • your budget
  • the provider's location — whether you want a provider who's local to you, somewhere else in New Zealand or based overseas
  • your goals – are you trying to save time, outsource some of the more technical work, or have everything possible done for you?

Know your risks

Work out:

  • what your online security risks are
  • which risks you can manage yourself, if any
  • what you need a provider to help with.

If you haven't already, do a cyber security risk assessment for your business to help you understand the risks your business faces, and the systems and data you need to secure.

Online security risk assessments for business

Define scope

Write a list of the requirements you want covered. Start with our top 11 tips, which cover the most important security requirements for your business, then add the risks you've identified in your risk assessment.

Top online security tips for your business

Once you have a list, work out which tasks you think you can manage internally, and which ones you would rather outsource to your provider. Discuss these with the provider – there may be areas where they can add more value than you would by trying to do the work yourself.

Work out what you want to ask the provider about each item on your list. For example, you could ask them about:

  • installing software updates — if they will be responsible for applying updates across all the devices and software your business uses, how will they find out when updates are available, and how soon will they install them?
  • backing up your data — if they will run backups for you, how often will they do them and where will they store the offline copies? How will they protect your business's data when it leaves your network?
  • setting up logs — who will be responsible for setting up logging on your important systems? If your provider does it for you, what will they review the logs for, and what will they do if they find something in them? Where will they store the log files? What will they notify you about and how will they do this?
  • creating a plan for when things go wrong — will your provider help when there's a cyber security incident? If so, how will you notify them about it, and what will they help you do?

Approach providers

Look for providers with a proven track record, who provide the services that you need. Get proposals from several providers to make sure you find one who can best meet your needs.

Once you've chosen a provider, make sure they're happy to follow the same security rules you've defined for your staff, like those in your security policy or your password policy.

Create an online security policy for your business

Create a password policy for your business