4 min read

4 Questions To Ask Your Vendor About Security

By Staff Writer on 7/23/21 5:00 AM

Security concerns continue to be in the news around the world, with the White House issuing an executive order on cybersecurity earlier this summer and the European Union proposing a Joint Cyber Unit to respond to the rising number of security incidents. And the hacking story won't go away, with the "SolarWinds" hackers launching a new global cyberattack at the end of May.

Now, this doesn’t necessarily mean that you shouldn’t trust cloud providers. In fact, there are many security benefits in working with the right cloud providers and SaaS companies, which can leverage economies of scale around security far more easily, and sometimes faster, than most companies can themselves. After all, providing SaaS solutions is what they specialize in, and they have the expertise to ensure their systems are secure.

There is also the driving factor of trust. Any erosion of their customers' trust would have far-reaching effects on their core business. Every vendor's approach to security is an important part of their Information Security Strategy. To ensure that your service management software system is protected, here are some questions you should ask to make sure your software vendor will keep your company's and your customers' data safe.

1. Does the vendor adhere to security best practices? 

Are they ISO27001 certified? This is an international standard that provides a management framework for implementing an Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of all corporate data. If the vendor is not ISO27001 certified, how can you be certain that their data center partners are?

2. Do they align their Information Security Management System (ISMS) to good standards and best practices, such as:

  • ISO27001 or other standards based on the National Institute of Standards and Technology (NIST)

  • The Payment Card Industry Data Security Standard (PCI-DSS)

  • The Information Assurance for Small and Medium-sized Enterprises (IASME)

  • The UK National Cyber Security Centre's Cyber Essentials Plus or Cloud Controls Matrix (CCM)

Each of these organizations offers best practices and standards to assist companies looking to strengthen their security protocols.

3. Do the vendors follow the security concerns outlined by the CIA Triad of Confidentiality, Integrity and Availability? 

We're not talking about the Central Intelligence Agency. This CIA has to do with data: how it is stored, how accurate it is and how accessible it is.

  • Confidentiality: The data needs to be private and remain private. Vendors should ensure only the people who are authorized to view the data have access to it. There are different levels at which this applies. Vendors need to protect their SaaS platform, each of their customers' systems, controls within each customer's system, vendor controls to the SaaS system and the vendor's own controls over the information they store to run their business.

  • Integrity: The data itself needs to be consistent, accurate and trustworthy. The data must be trusted and nonrepudiation must exist.

  • Availability: The data must be available. Having data that is secure, yet inaccessible, is useless. Users need to be able to access data when they need it, so vendors need to be sure that they are resilient, have built-in redundancies and can ensure business continuity.

4. Do the vendors practice what they preach?

This one is pretty simple. 

  • Do they run their own business on the principles listed above?

  • Do they use the platforms and tools that they expect their customers to rely on to run their business?

  • Do they align with your own security policies and procedures?

Bottom line

It's important to find cloud vendors who answer the previous questions in the affirmative. Not only is it the right thing to do, but it's the best way to protect against potential harm from a security breach. Vendors need to build up trust with their customers and protect them from potential reputational damage.

Ultimately, the vendors need to protect customers from any potential vulnerabilities along the IT supply chain that may expose data or create other security risks. They must also address legal or regulatory concerns pertaining to their customers, such as GDPR, HIPAA, CPRA and other data protection laws.

Be an informed consumer and do your due diligence while selecting a software vendor. Ask questions to make sure your organization is protected from potential cybersecurity threats.

Download our whitepaper to learn more about how Vivantio values security and what measures it takes to keep your customer service data protected.

Topics: Service Desk Software Service Management ITSM Challenges Service Solution Security
3 min read

Ask These Questions to Find IT Vendors with Strong Security Practices

By Staff Writer on 12/22/20 2:58 PM

ENSURE YOUR SERVICE SOFTWARE IS PROTECTED

The recent security compromise of the United States Treasury, Department of Commerce and other government agencies by Russian hackers has prompted major concerns about which IT vendors organizations should rely on. The root of the hack stems from SolarWinds's Orion IT monitoring platform.

To ensure that your service management software system is protected, here are some questions you should ask to make sure your IT vendor will keep your company's and your customers' data safe.

Does the vendor adhere to security best practices?

Are they ISO27001 certified? This is an international standard that provides a management framework for implementing an Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of all corporate data. If the vendor is not ISO27001 certified, can you confirm that their data center partners are?

Do they align their ISMS to good standards and best practices, such as:
  • ISO27001 or other standards based on the National Institute of Standards and Technology (NIST)

  • The Payment Card Industry Data Security Standard (PCI-DSS)

  • The Information Assurance for small and medium-sized enterprises (IASME)

  • Or, the UK National Cyber Security Centre's Cyber Essentials Plus or Cloud Controls Matrix (CCM)

Do the vendors follow the security concerns outlined by the CIA Triad of confidentiality, integrity and availability?
  • Confidentiality: The data needs to be private and remain private. Vendors should ensure only the people who are authorized to view the data have access to it. There are different levels at which this applies. Vendors need to protect their SaaS platform, each of their customers' systems, controls within each customer's system, vendor controls to the SaaS system and the vendor's own controls over the information they store to run their business.

  • Integrity: The data itself needs to be consistent, accurate and trustworthy. The data must be trusted and nonrepudiation must exist.

  • Availability: The data must be available. Having data that is secure, yet inaccessible, is useless. Users need to be able to access data when they need it, so vendors need to be sure that they are resilient, have built-in redundancies and can ensure business continuity.

Do the vendors practice what they preach?
  • Do they run their own business on the principles listed above?

  • Do they use the platforms and tools that they expect their customers to rely on to run their business?

CONCLUSION

It's important to find IT service management software vendors who answer the previous questions in the affirmative. Not only is it the right thing to do, but it's the best way to protect against potential harm from a security breach. Vendors need to build up trust with their customers and protect them from potential reputational damage.

Ultimately, the vendors need to protect customers from any potential vulnerabilities along the IT supply chain that may expose data or create other security risks. They must also address legal or regulatory concerns pertaining to their customers, such as GDPR, HIPAA, CPRA and other data protection laws. Your IT vendor should be concerned about protecting your data to avoid the costs of dealing with the aftermath of a hack.

Be an informed consumer and do your due diligence while selecting an IT vendor. Ask questions to make sure your organization is protected from potential cybersecurity threats.

Download our whitepaper to learn more about how Vivantio values security and what measures it takes to keep your customer service data protected.


Topics: Service Desk Software Service Management ITSM Challenges Service Solution Security
1 min read

A Service Management Software Solution for Accounting and Finance

By Staff Writer on 4/30/19 9:00 AM

IS YOUR ITSM SOFTWARE MEETING THE NEEDS OF ALL YOUR SERVICE DEPARTMENTS?

Vivantio’s service management tool is flexible for a reason – that’s what our customers need. No matter what industry you serve, our ITSM software can meet the unique demands of any department receiving internal or external requests: Accounting and Finance, for one.

We recently spoke with our customers to learn how Vivantio has become a centralised hub for all their service departments since implementation. The answers were fascinating. We found that while many of our customers originally explored our product strictly for IT purposes, they quickly discovered just how easy it is to add service categories and customize ticket types to accommodate the needs of other business units. Vivantio’s versatile platform is being used as a service solution not only for technical support, but also for Human Resources, Sales and Marketing, Claims, Quality, Facilities Management, Corporate Services, and many more.

 

A POPULAR SOLUTION FOR ACCOUNTING & FINANCE

While it’s no surprise that Vivantio is used by technical support (IT) the most, Accounting and Finance was a close second. With Vivantio, users can gain control of and insight into their department with the ability to track, prioritize, and process incoming finance-related requests. Here are more reasons why it’s a popular tool for this department:

  • Control costs by streamlining routine processes with automated workflows.
  • Reduce the time it takes to get approvals and manage purchase orders.
  • Stay informed of all requests the team is managing with custom dashboards.
  • Manage end-user requests via the self-service portal.

In addition, users appreciate the platform’s codeless, drag-and-drop design and intuitive interface. Changes can be made to the system without the need for a programmer – a nice feature for non-technical departments.

 

Closing

Considering the wide range of fiscal responsibilities that are task-related, it’s easy to see why so many Accounting and Finance departments count on Vivantio’s service management platform to manage the requests of both internal and external clients – including contractors, suppliers, and employees – so they can focus on being responsive, accurate, and compliant.

Is your ITSM software supporting the needs of all your service departments? We’d like to know.

Topics: Service Management Finance Service Solution SITS HR Human Resources