Tips to select cyber security vendors

In cyber security world, whether it is a technical bug finding stream or a certification for some compliance, it is usually tough to decide on how to select a vendor.

This becomes particularly difficult when the history of selection shows that money should be the criteria, while on the other hand, different vendors provide a large deviation in the cost proposals.

To avoid this confusion and help everyone make a correct pragmatic and cognitive decision, below list may help in the selection.

Is there firm in existence in the industry for a longer time duration?

Are the owners/directors technically sound?

Is the overall management exhibiting experience from wider industries and not just IT?

Is their firm certified with ISO27001, GDPR, SOC2?

Is their firm certified with ISO9001 to endorse quality in their services?

Do they have partnerships with similar other established brands ?

Are they ready to commit to protect privacy of your data?

Do they themselves follow incident management process?

Are their tech management teams certified?

Are their operations teams adequately experienced?

Are they using industry standard tools?

Are they focusing on human interaction than automated tools?

Are the secure in terms of their own physical premises?

Are they providing additional help to walk through the services outcome?

Are their technical teams exhibiting real tech knowledge than bookish knowledge?

Do they outsource work to other layer of subcontractors?

Are they ready to let perform assessment audit?

Are they auditing themselves periodically to ensure continued self-security?