Due Diligence On Your Technology Provider

What is due diligence?

Due diligence refers to the process of investigating and verifying the credentials and reputation of a company or individual before entering into a business relationship with them. The purpose of due diligence is to identify any potential risks and ensure that the company or individual is capable of meeting your business needs.


Why is due diligence important when selecting an IT provider?

  1. Security risks: IT providers have access to sensitive company data and systems, which makes them a prime target for cybercriminals. If your IT provider has inadequate security measures in place, your business could be at risk of a data breach or other security incident. By conducting due diligence, you can assess the security practices and protocols of potential IT providers and select one that takes security seriously.

  2. Legal liabilities: If your IT provider violates any laws or regulations, your business could be held liable. For example, if your IT provider fails to comply with data protection laws, such as GDPR or HIPAA, your business could face hefty fines and legal action. Conducting due diligence can help you identify any legal risks associated with your IT provider and ensure that they are compliant with relevant laws and regulations.

  3. Service quality: IT downtime can be costly for businesses, leading to lost productivity, revenue, and customer trust. If your IT provider is unreliable or has a poor track record, your business could suffer from frequent disruptions and delays. By conducting due diligence, you can assess the service quality of potential IT providers and select one that has a proven track record of delivering reliable and efficient services.

What factors should you consider when conducting due diligence on your IT provider?

  1. Experience and expertise: Look for an IT provider that has experience working with businesses in your industry and a proven track record of delivering quality services. Don’t rely solely on the references they provide. Conduct a Google search (with quotes) for “company name reviews” and you should be able to find what others are saying about them.

  2. Security measures: Assess the IT provider’s security practices and protocols, including data encryption, firewalls, and access controls. Ask about their disaster recovery and business continuity plans in case of a security breach or other incident.

  3. Compliance: Ensure that the IT provider complies with the relevant data protection requirements, such as those set by the FTC, the IRS, or HIPAA, and holds appropriate certifications, such as PTIN Security Certified or Certified Safeguards Technology Provider.

  4. Awards: Awards from trusted third parties are a useful form of verification. They indicate not only that the organization can provide what your firm needs, but also that outside organizations have vetted its practices against what is required and found them to stand out from the competition.

  5. Security Program: Per FTC guidelines, your provider needs to have an Information Security Program readily available that showcases the security measures they have put in place to protect your firm.

  6. Data Security Policy: The contract you sign with the provider requires that they have a data security policy so that your data and your clients’ data are properly protected.

There is no one-size-fits-all method of due diligence. But if you ask simple questions and receive readily prepared answers, it shows that the provider takes due diligence seriously and is prepared. If they are prepared before you are even doing business with them, it is a good indicator that they will be prepared once you engage with them.