Demo
1 min read

3 Questions To Ask About Pricing - Vivantio Vibe Podcast

By Staff Writer on 11/15/21 1:58 PM

When it comes to deciding on a service management solution, pricing matters. But nobody likes surprise charges popping up!  That's why comparing platforms simply on an advertised monthly charge per seat is not the answer.  Cheaper isn't always better. 

Vivantio's Director of Digital Marketing Todd Carruth provides 3 questions you can ask to protect yourself from unwanted surprises when selecting your service management solution. 

You can listen below or download wherever you get your favorite podcasts including iTunes or Spotify. 

 

Vivantio empowers your team with a robust service management solution that can be rapidly configured with only the features you want. Our editions are designed to align with your immediate needs on the same powerful platform that scales with your business.  Learn more about Vivantio pricing here. 

Ready to find out more?  Click below to get your free, no obligation demo. 

FREE DEMO

 

Topics: Security SaaS podcast
1 min read

4 Questions To Ask Your Vendor About Security - Podcast

By Staff Writer on 10/11/21 5:07 PM

October is National Cybersecurity Awareness Month and this month on the Vivantio Vibe podcast, we dive into security issues, trust factors and some questions you should ask to make sure your software vendor will keep your company and your customer's data safe. 

Director of Digital Marketing and Vivantio Vibe podcast host Todd Carruth shares 4 questions to ask your vendor about security. 

You can listen below or download wherever you get your favorite podcasts including iTunes or Spotify. 

 

As you listen to the podcast, here are some of the referenced links for more detailed information: 

Security is paramount in IT Service Management and at Vivantio, we place the same amount of value in security as you do. Learn how we prioritize the security of our users and their customers' data with this free white paper. 

Topics: Security SaaS podcast
4 min read

4 Questions To Ask Your Vendor About Security

By Staff Writer on 7/23/21 5:00 AM

Security concerns continue to be in the news around the world with the White House issuing an executive order earlier this summer about cybersecurity and the European Union proposing a Joint Cyber Unit to respond to the rising number of security incidents.  And the hacking story that won't go away with the "SolarWinds" hackers launching a new global cyberattack at the end of May. 

Now, this doesn’t mean that you shouldn’t necessarily trust cloud providers.  In fact,  there are many security benefits in working with the right cloud providers and SaaS companies that can leverage the economies of scale  around security far easier and sometimes faster than most companies themselves.  After all, providing SaaS solutions is what they specialize in and have the expertise to ensure their systems are secure.

There is also the driving factor of trust.  Any erosion of their customers' trust would have far reaching effects on their core business. Every vendor's approach to security is an important part of their Information Security Strategy, and to ensure that your service management software system is protected, here are some questions you should ask to make sure your software vendor will keep your company and your customer's data safe.

1. Does the vendor adhere to security best practices? 

Are they ISO27001 certified? This is an international standard that provides a management framework for implementing an Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of all corporate data. If the vendor is not ISO27001 certified, how can you be certain that their data center partners are?

2. Do they align their Information Security Management System (ISMS) to good standards and best practices, such as:

  • ISO27001 or other standards based on the National Institute of Standards and Technology (NIST)

  • The Payment Card Industry Data Security Standard (PCI-DSS)

  • The Information Assurance for Small and Medium-sized Enterprises (IASME)

  • The UK National Cyber Security Centre's Cyber Essentials Plus or Cloud Controls Matrix (CCM)

Each of these organizations offer best practices and standards to assist companies looking to increase their security protocols. 

3. Do the vendors follow the security concerns outlined by the CIA Triad of Confidentiality, Integrity and Availability? 

We're not talking about the Central Intelligence Agency.  This CIA has to do with data. How is it stored, how accurate it is and how it is accessible. 

  • Confidentiality: The data needs to be private and remain private. Vendors should ensure only the people who are authorized to view the data have access to it. There are different levels at which this applies. Vendors need to protect their SaaS platform, each of their customer's systems, controls within each customer's system, vendor controls to the SaaS system and the vendors own controls over the information they store to run their business.

  • Integrity: The data itself needs to be consistent, accurate and trustworthy. The data must be trusted and nonrepudiation must exist.

  • Availability: The data must be available. Having data that is secure, yet inaccessible, is useless. Users need to be able to access data when they need it, so vendors need to be sure that they are resilient, they have built in redundancies and can ensure business continuity.

4. Do the vendors practice what they preach?

This one is pretty simple. 

  • Do they run their own business on the principles listed above?

  • Do they use the platforms and tools that they expect their customers to rely on to run their business?

  • Do they align with your own security policies and procedures?

Bottom line

It's important to find cloud vendors who answer the previous questions in the affirmative. Not only is it the right thing to do, but it's the best way to protect against potential harm from a security breach. Vendors need to build up trust with their customers and prevent them from potential reputation damage.

Ultimately, the vendors need to protect customers from any potential vulnerabilities along the IT supply chain that may expose data or other security risks. They must also address legal or regulatory concerns pertaining to their customers such as GDPR, HIPAA, CPRA and other data protection laws. 

Be an informed consumer and do your due diligence while selecting a software vendor. Ask questions to make sure your organization is protected from potential cybersecurity threats.

Download our whitepaper to learn more about how Vivantio values security and what measures it takes to keep your customer service data protected.

Topics: Service Desk Software Service Management ITSM Challenges Service Solution Security
3 min read

Ask These Questions to Find IT Vendors with Strong Security Practices

By Staff Writer on 12/22/20 2:58 PM

ENSURE YOUR SERVICE SOFTWARE IS PROTECTED

The recent security compromise of the United States Treasury, Department of Commerce and other government agencies by Russian hackers has prompted major concerns about which IT vendors organizations should rely on.
The root of the hack stems from SolarWinds's Orion IT monitoring platform.

To ensure that your service management software system is protected, here are some questions you should ask to make sure your IT vendor will keep your company and your customer's data safe.

Does the vendor adhere to security best practices?

Are they ISO27001 certified? This is an international standard that provides a management framework for implementing an Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of all corporate data. If the vendor is not ISO27001 certified, can you confirm that their data center partners are?

Do they align their ISMS to good standards and best practices, such as:
  • ISO27001 or other standards based on the National Institute of Standards and Technology (NIST)

  • The Payment Card Industry Data Security Standard (PCI-DSS)

  • The Information Assurance for small and medium-sized enterprises (IASME)

  • Or, the UK National Cyber Security Centre's Cyber Essentials Plus or Cloud Controls Matrix (CCM)

Do the vendors follow the security concerns outlined by the Central Intelligence Agency (CIA) Triad of confidentiality, integrity and availability? 
  • Confidentiality: The data needs to be private and remain private. Vendors should ensure only the people who are authorized to view the data have access to it. There are different levels at which this applies. Vendors need to protect their SaaS platform, each of their customer's systems, controls within each customer's system, vendor controls to the SaaS system and the vendors own controls over the information they store to run their business.

  • Integrity: The data itself needs to be consistent, accurate and trustworthy. The data must be trusted and nonrepudiation must exist.

  • Availability: The data must be available. Having data that is secure, yet inaccessible, is useless. Users need to be able to access data when they need it, so vendors need to be sure that they are resilient, they have built in redundancies and can ensure business continuity.

Do the vendors practice what they preach?
  • Do they run their own business on the principles listed above?

  • Do they use the platforms and tools that they expect their customers to rely on to run their business?

CONCLUSION

It's important to find IT service management software vendors who answer the previous questions in the affirmative. Not only is it the right thing to do, but it's the best way to protect against potential harm from a security breach. Vendors need to build up trust with their customers and prevent them from potential reputation damage.

Ultimately, the vendors need to protect customers from any potential vulnerabilities along the IT supply chain that may expose data or other security risks. They must also address legal or regulatory concerns pertaining to their customers such as GDPR, HIPAA, CPRA and other data protection laws. Your IT vendor should be concerned about protecting your data to avoid the costs of dealing with the aftermath of a hack.

Be an informed consumer and do your due diligence while selecting an IT vendor. Ask questions to make sure your organization is protected from potential cybersecurity threats.

Download our whitepaper to learn more about how Vivantio values security and what measures it takes to keep your customer service data protected.

white-paper-vivantio-values-security

 

Topics: Service Desk Software Service Management ITSM Challenges Service Solution Security