Solved

information about vendor products

Posted on 2014-11-04
Last Modified: 2015-01-13
Hi,

Is there a standard list of questions (related to privacy or credit card) or a document that has a list of questions that a company should ask a vendor that will be hosting an application on the web? I know a lot of companies host sensitive data with web providers, but I thought there was a standard assessment document a vendor has to fill out about the security controls safeguarding their product. It seems like there is material on the web, but I am not seeing it.

Thanks in advance.
Question by:cesemj
2 Comments
 

Accepted Solution

by:
John-Charles-Herzberg earned 2000 total points
ID: 40421534
This is the list of 19 we are using.

19 Questions to Ask Your Prospective Hosted Exchange Provider

1) How many users do you support today? Service providers with only a handful of clients face an uncertain future.

2) What does your SLA provide? No one can provide a guaranteed 100% uptime so beware over-inflated promises or, conversely, providers with no written SLA.

3) How financially-sound is the hosted service provider? If a hosting company disappears, your Exchange implementation is at risk.

4) What do current customers say? Nobody knows a service better than existing clients, so make sure you get concrete answers to hard questions about reliability, access, customer service and any problems they’ve experienced.

5) Do you have Microsoft-certified technicians on-staff? Your Exchange host should employ Microsoft-certified staff to ensure technological prowess and support. One reason you’re partnering with a service provider is to leverage their investment in highly qualified personnel.

6) Which in-house technologies do you use to support your hosted clients? If a service provider doesn’t invest in its infrastructure, this does not bode well for the services it provides. Make sure providers use top-tier vendors & the latest technologies.

7) What other services do you provide? Finding a partner with multiple areas of expertise allows you to easily expand into other technology hosting agreements for money- and time-savers such as unified communications.

8) What migration tools are at my disposal? A provider’s use of automated tools eliminates a lot of the necessary legwork, while live telephone support ensures you’ll get answers when and how you need them.

9) How do you support after-hours email users? Some service companies only have a skeleton crew, if any, after-hours. Since employees access email around-the-clock, it’s important that someone is always available to answer the phone if questions or problems arise. Therefore, 24x7 support is vital.

10) How do you support my end-users in different geographies or countries? You don’t want agreements with multiple service providers; make certain your provider supports all the regions in which you operate - or look elsewhere.

11) Do you support mobile email users? With more and more people accessing email via their phones it’s critical that your service provider supports these users.

12) Are you PCI Certified? Payment Card Industry data security standards - mandated in many states - encompass acquiring banks, Independent Sales Organizations (ISOs), processors, hosts, e-commerce and retail merchants, shopping carts and other merchant services providers. PCI is a set of requirements designed to ensure that companies that process, store or transmit credit card information retain a secure environment.

13) Do you offer Microsoft Exchange 2010 as a hosted service? If not, how will the service provider support you when you decide to upgrade?

14) What is your average on-hold time for callers? Obviously nobody wants to spend their time on-hold. If a company cannot quantify hold times, that should send up a warning flag.

15) How will you support me as I grow? As you expand operations, can your service provider support more employees, more geographies and more technologies?

16) How do I control my data if I use your service? Your data should belong to you, and this fact must be stated clearly in your agreement. Watch out for companies that may hold data hostage if their contract is not renewed.

17) Is any of the migration process automated? Automation eliminates many time-consuming but necessary tasks, reducing the chance of errors and speeding up your hosted Exchange implementation. These tools allow you to learn from the combined experiences of your service provider, rather than demanding you duplicate efforts.

18) How do you help me migrate my end-users? Some hosted Exchange businesses only offer a technical support manual. Look for a partner that provides telephone and online support, as well as automation tools for many processes.

19) How long does migration typically take? It’s important that your migration can occur quickly so you can immediately reap the benefits of your hosted Exchange agreement. The more automation and live assistance available to you, the speedier the process will be.
 

Author Comment

by:cesemj
ID: 40421726
This is helpful, I am going to continue searching for HIPAA related questions and will update you.