Share

Article

How to Assess the Quality of Your IT Provider

17 October 2017

A cloud solution provider can bring many benefits to a business, handling project needs from concept to installation to support. However, when sourcing a cloud solution provider, careful research is paramount, as to make a mistake could end up costing both your business and your compliance reputation.

Ask yourself the following questions:
Q. Do you have former experience with the provider?
Q. Does someone in your network have relations with the provider?
Q. What recommendations are out there and what do they entail?

Aside from the above considerations, above all, it pays to investigate their IT compliance and data governance, along with their accordance to regulations and international standards of IT services. However, such research can be overwhelming, with each regulation as complex and comprehensive as the next.

 

Quality assessment standards to look for

1. IEC/ISO 20000 is the International Service Management System standard (ITSM), specifying requirements for the service provider to design, transition, delivery and improve upon agreed services. 
ISO 20000 helps organisations benchmark on how they deliver managed services and assess performance. It also draws strongly on ITIL, which we will discuss below.
 
2. ISO/IEC 27001 is the international normative standard for information security specifying requirements on how to implement and maintain an Information Security Management System (ISMS). Information security covers more than just information controlled by IT, surpassing both employee and organisational competencies, physical settings and documents. Compliance of this standard means that the service provider is in sync and on top of intangible assets such as financial data, intellectual property, along with customer and employee data.
Pay strict attention to ISO/IEC 27001, as it assesses the risk profile of an individual organisation, with the secure implementation of security measures and control procedures relevant to the organisation. This certification ensures that a high standard of quality is maintained, emphasising the engagement of top management and proactive decision-making on what procedures to be implemented and how.
3. ITIL, (IT Infrastructure Library), is an approach to IT Service Management. ITIL forces organisations to be holistic in thinking about their processes, creating a common platform for language and terms, and defining the necessary roles. ITIL is relevant for IT organizations as there is a need for more customer-oriented solutions with a focus on service over technology.
 
Common grounds are formed for agreed-upon and achievable service levels, predictable and consistent processes and efficient service delivery which can be measured and continuously improved. This streamlined flow means a faster resolution of customer challenges.
 
4. ISAE 3402 is an assurance standard, and stands for ‘International Standard for Assurance Engagements’. An external auditor report on the provider’s internal quality controls. The auditor controls the provider’s descriptions, design and operation of controls related to the described objectives in a report. In ISAE 3402, auditor reports are classified as either Type I or Type II:
  • ISAE type 1. An outline of the organisation's controls.
  • ISAE type 2. Shows the effectiveness of controls since implementation.
 
There you have it. Four imperative quality assessment standards and certificates to look out for when choosing a cloud solution provider for your business. The involvement of the providers' degree of compliance in the quality assessment is recommended. This is very indicative of the quality standard of the provider – and is indicative of your own organisation.
Jimmy Rittsel

Written By

Jimmy Rittsel

Quality Assurance Specialist, skilled in IT Service Management, IT Strategy, Management, and Project Coordination with seasoned professional specialization in ITSM/ISMS/Business excellence including Risk Management.

Find me on

Contact our experts!

More about this topic? Ask your questions now and get a clear answer!

Contact us ››