How do I know if an I.T. service provider is qualified to service my business? Should I look for industry certifications? Should I look for specific experience? These are common questions business owners ask themselves during the evaluation process, but they don’t always have an obvious answer. There is, however, a clear distinction between mature service providers and those that are still in “startup mode.”
The Catch-22 of Industry Certifications
Certifications have a role in nearly all industries. They help to demonstrate an individual’s knowledge of a particular skill, and they show a company’s commitment to ongoing education. However, the specific value and confidence a certification conveys depend heavily on the industry it is for.
The Information Technology (“I.T.”) industry, for example, is especially challenging for certifications. The world of technology changes so rapidly that it’s nearly impossible for course developers to create thorough curriculums that will still be accurate a mere 12 months later. Also, as industry standards change, once highly regarded certifications are quickly superseded by brand-new certifications. The Certified Information Systems Security Professional (“CISSP”) certification, for example, was once the principal cybersecurity certification. Today, however, the CISSP certification has been superseded by new standards introduced by the Cybersecurity Maturity Model Certification (“CMMC”) Accreditation Body. Although these changes are specifically targeting government agencies, the Department of Defense, and supply chains, they will soon propagate throughout many other industries and set a new precedent for cybersecurity.
Beware of Certification Advertising
Oftentimes, I.T. service providers will place their industry certifications at the forefront of their marketing. They will suggest that they hold certifications that their competitors do not, and that this qualifies them to earn your business. This may sound impressive at first, but once you consider the catch-22 mentioned previously, you realize these statements aren’t nearly as impressive as they appear on the surface.
When I.T. service providers wish to work with large organizations or those with especially strict compliance requirements, such as the U.S. Government, the key qualifier for a mature service provider is their “Past Performance.” The service provider must clearly demonstrate how they have successfully delivered their services under a similar scope of work to other organizations over the course of multiple years. Although industry certifications may be requested, they take a back seat to the provider’s work experience.
This qualifier makes perfect sense. Would you rather hire a service provider who boasts they earned a cybersecurity certification and knows the concepts, or a service provider that has a decade of real-world experience helping organizations meet the strictest cybersecurity compliance requirements? While the first provider will learn on your dime, the second provider already has a tried-and-true strategy for your business’s success.
When you are ready to evaluate a new I.T. company and want to separate mature managed I.T. service providers, such as Digital Boardwalk, from their competition, here are a few helpful qualification questions you can ask:
- How many other businesses our size and in our specific industry do you service?
- How long have you serviced businesses in our industry?
- What is the most challenging and complex industry you work with from a cybersecurity perspective?
- What are some specific technology and cybersecurity best practices for our industry that we should consider?
- What is your internal training strategy for your entire staff?
- Can you provide us with a cybersecurity attestation or architecture report that details your operating procedures and strategies?
- What cybersecurity compliance certifications have you helped your customers obtain?