10 Questions to Ask Providers
Companies evaluating critical service providers need to have a firm understanding of the vendor's history, financial viability, size and years of experience. Use this valuable resource to help you make smart decisions when choosing a provider.
1. Do you charge different rates based on the resources assigned to my account, complexity of service or for off-hours support?
A common practice for many remote services providers is to charge different rates based on the skill sets required to perform the activity or if the activities are performed off hours. However, RDX charges a fixed rate for all of our services.
2. How will you ensure your staff is quickly integrated into my shop and understands what projects and activities are important?
A dedicated onboarding team that follows standardized integration procedures ensures a smooth transition. Activities include establishing connectivity, monitor installation, hour utilization reports and introducing the vendor support team. The support team should document your change management, problem resolution, and security procedures as well as provide written statements of work for all large projects.
3. How will you ensure your organization provides continuous, high-quality support throughout our relationship?
The vendor's support engine should be architected to ensure service continuity. A centrally-located staff allows the vendor to leverage their team's collective knowledge. ITIL support libraries and process documentation foster high-quality service. Dedicated subject matter experts allow you to take full advantage of your database's advanced features to maximize your database investment.
4. How will you ensure my systems are always available and performing as expected?
15 minute response time SLAs that require the service provider's personnel to be actively working on the problem ensures quick reaction. The customer is reassured knowing the service provider's personnel are quickly engaged in resolving any problem affecting the availability of their critical systems.
5. Can you create monitors for non-standard events that occur in my environment?
Many organizations have critical jobs that must be completed by a certain time as well as application events that need to be monitored to ensure workloads are being processed. The provider's monitoring system should be able to monitor any event that occurs in your system. Vendor personnel should also be trained to resolve any event based on your instructions.
6. What technologies and products do you support?
Most shops deploy several databases and operating systems. Providing support for all implemented products allows one vendor to service all of your needs. Other technologies that are important to you such as data warehousing, HA implementations, third-party applications, and business intelligence products should also be supported.
7. What technologies and procedures do you use to ensure your environment is protected against security breaches?
The provider will have direct access to your data. Their technical safeguards should include firewalls, intrusion detection systems, security event log aggregators, two-factor authentication and a robust password vault. Regularly scheduled vulnerability scans and penetration tests provide verification that the provider's environment is secure.
8. What organizational procedures do you follow to safeguard my sensitive data stores?
The vendor's new hire background checks must include national criminal investigations, credit checks, and drug screens. Continuous security training ensures vendor personnel is educated in the latest data protection best practices. The vendor's work request portal should only allow authorized users to request changes to your systems.
9. Can you tailor your supports services to meet my organization's unique needs?
Every organization's support needs are unique. In this case, "one size fits all" is not an optimal service delivery solution. Your organization should be able to custom tailor just the services and SLAs you need - from a subset of activities provided as part of a supplemental relationship to assuming total ownership for the support of your environment.
10. Do you comply with any industry security and service delivery quality standards?
Adhering to industry security and service delivery standards verifies that the vendor has the processes and products in place to protect your systems and is providing high-quality support. Two standards all providers should adhere to are SSAE16 Type II to affirm service quality and PCI to verify their environment is secure. The vendor should also be willing to comply with your shop's specific regulatory requirements.