Company Background – Pre-Sales These are pre-relationship questions a business should ask a prospective information technology service provider. The goal is to help you determine if they are quali昀椀ed. 1. Do you operate your 昀椀rm with at least the same level of security as you recommend to your clients? If no, please explain in detail why not and what is di昀昀erent. 2. Do you have quali昀椀ed security resources who are speci昀椀cally assigned to keeping your network safe? If no, please explain in detail. 3. If you do not have inhouse security experts, do you leverage the expertise of quali昀椀ed security professionals outside your organization that are responsible for the security and assessment of your systems? If no, please explain in detail why not and what compensating controls / solutions are in place: 4. Have your systems, policies and procedures been independently assessed by independent, quali昀椀ed professionals outside your organization for security e昀昀ectiveness and enforcement? If no, please explain in detail what validation processes are used to ensure the above. 5. Has your 昀椀rm had any core services or systems outages that impacted your ability to operate, support clients’ systems or client services in the last 12 months? If yes, please explain. 6. Has your 昀椀rm had any signi昀椀cant network (or other system) security incidents in the last 36 months? If yes, please explain. 7. Has your 昀椀rm ever had a cyber incident determined to be reportable to law enforcement or federal or state regulatory bodies? If yes, please explain. Questions To Ask Your MSP | 4