It is therefore highly advantageous to discuss fundamental security requirements with your provider. These concern the quality of services, access security, and the service provider’s own security practices. Additionally, prepare the aspects of IT security you would like your provider to address.
When assessing the IT security competence of IT service providers, consider the following aspects:
- The IT company offers support in conducting a protection needs analysis and developing a security concept.
- The IT company selects security measures according to the guidelines of BSI or ISO 27002 and is willing to be audited against these standards.
- The IT company is also prepared to choose its suppliers based on these guidelines or to verify these requirements with suppliers.
- The IT company regularly reports on the security status of the systems it manages.
- The IT company contractually guarantees a minimum availability for the IT systems it operates.
- The IT company can provide, on request, a comprehensive list of the relevant IT systems in use that it manages.
- The IT company regularly creates backups of the IT systems it manages, and carries out remote maintenance over encrypted connections with strong authentication.
- The IT company has a described procedure for handling security alerts and incidents of varying criticality and proactively informs customers about its responses.
- The IT company provides appropriate emergency services during security incidents.
- The IT company applies the same procedures to its own systems and information.
- The IT company regularly trains its employees on security topics.
Further link
A catalogue of criteria on the topic is offered here for download by the German Chamber of Commerce and Industry (IHK organisation): Catalogue of Criteria for Trusted Service Providers on ihk.de (only available in German)
The Two Top Tips
- Review the criteria for secure IT services with your current partner.
- What security services has the partner successfully provided multiple times already? Where do they excel?
Contact
Dr. Katrin Sobania
Director Department for Information and Communication Technology | E-Government | Postal Services | IT Security