These are the TOP questions you should be asking your MSP before agreeing to their service:
| MSP Outsourcing Risks | Digital Edge's Risk Mitigation |
| --- | --- |
| Does MSP have a formal security program that is proven and tested? | We follow and are certified to ISO 27001; the latest audit report is available. |
| Does MSP incorporate security into the culture through training, policies, procedures and controls? | The ISO 27001 framework requires an awareness program, training and an official cybersecurity program. Policies, procedures and controls are available on request or are described in the ISO auditor report. |
| Does MSP monitor the network using state-of-the-art tools and techniques? | We use a proprietary monitoring system; technical details are available. |
| Does MSP have independent network monitoring as an additional layer of security? | We have 3 monitoring locations: one inside and 2 outside. |
| Does MSP leverage AI and machine learning to help quickly identify anomalous behavior? | We use Elasticsearch technology to collect data and identify anomalies. |
| Does MSP conduct regular vulnerability testing and remediation to verify system state? | We own a fully licensed Tenable Nessus and Burp toolset. We scan clients' and our own infrastructure monthly. |
| Does MSP use trusted methods and tools to secure the systems used to access or store systems information? | We use a multi-layer defense approach. Tooling includes MFA, AD, policies, ACLs and self-encrypted SSDs. |
| Does MSP properly vet and test employees for background and qualifications? | This process is defined in our ISO 27001 framework. Policies and procedures are documented and available in the auditor's report. |
| Does MSP monitor and log employee access to client systems? | We use Elasticsearch technology to collect and store access trails. |
| Does MSP have tested security incident and disaster response plans? | This is part of our ISO 27001 management system. Policies and procedures are documented. The ISO auditor report is available for review. |
| Does MSP leverage independent vetting from outside auditors using a solid security framework? | ISO 9001 and 27001 frameworks are implemented and audited by an ISO certifying body in the US. |
| Does MSP isolate internal access and information to appropriate levels? | There is physical separation of the environments. |
| Does MSP segment systems to limit attackers' ability to escalate? | Monthly separation testing is available. |
| Does MSP understand the regulatory environment and how it impacts them and their clients? | We understand and consult our clients on laws and regulations. In addition, Digital Edge provides a service that monitors legal changes and notifies clients of new applicable IT and cyber security-related laws. |
| Does MSP have a domestically based presence? | Yes |
| Does MSP use multifactor authentication? | Yes, MFA is a requirement and part of the ISO 27001 information security management system. |
| Does MSP carry cyber insurance that covers breach events? | Yes |
| Does MSP have 24x7 staff in front of screens and always paying attention? | Yes, 24x7 in-house staff. |
| Does MSP have a failsafe and proven backup and continuity system in place? | Yes, the continuity system is organized based on the ISO 27001 information security management system and certified by an ISO certifying body in the US. The system is tested once a year. The ISO auditor report is available for review. |