10 Data Security Questions to Ask Your Technology Vendor
Steve Kemsley, Information Security Manager
Data is the key to understanding your audience and ensuring future success and growth. Your users trust you with personal information, so it is imperative that this data – and your brand’s reputation – is protected.
There are serious legal implications and penalties for data breaches, as well as the obvious damage to brand reputation that comes with them. This is why data security is one of the most important factors when choosing a technology provider. You should interrogate any potential vendor to find out what safeguards they have in place.
Questions to ask include:
1. Where will data be stored?
2. Will data be encrypted?
3. How will data be backed up, and will this be encrypted?
4. Will regular vulnerability tests be conducted?
5. What access is there to the data, and do the control mechanisms in place meet your IT security policy or standards?
6. Will the vendor outsource parts of their technology to a third party? It’s the vendor’s responsibility to ensure sub-processors have appropriate security measures in place to protect personal data, but it’s a good idea to carry out your own audit checks.
7. Who owns this valuable data? No matter how happy you are with your provider right now, you could go your separate ways in the future and you need to know if the data can go with you.
8. Do their processes comply with data protection laws?
9. What recovery arrangements are in place in the event of an IT infrastructure incident?
10. Do they offer 24/7 support?
Under GDPR, authorities take into account how long it took to resolve the problem when deciding on a suitable penalty, so it pays to resolve things as soon as possible. A quick response can also save your reputation.