Mozy’s due diligence checklist for SMEs

Outsourcing business processes is a growing trend, where many small businesses are choosing to place business-critical operations in the hands of third-party vendors. While the benefits of outsourcing operations such as accounting, marketing, and customer databases are many, caution must be taken to ensure the potential supplier is well prepared for the responsibility of handling such a task. Shockingly, our survey of UK businesses revealed that 80 per cent of respondents don’t take the time to check out their suppliers before they entrust them with their business-critical information and processes. If you are enlisting or are considering enlisting the help of a third party vendor, we recommend you research these ten items before handing over your business-critical operations.

  • Is the company sufficiently insured? Ask to see a certificate of professional indemnity insurance.
  • What’s the company’s credit rating? If the banks don’t trust them with credit, you might not want to trust them with your data, either.
  • Who owns the information that you’re passing to the company? What rights do they have to use that information?
  • What sort of security systems do they have in place to protect your information? Ask to see an information security policy.
  • What are the chances of the company going bankrupt? Do they have sufficient backing to ensure they can ride out a rough patch? You don’t want a supplier going under and leaving you without the support you need.
  • Does the company rely on the intellectual assets of a small group of employees and, if so, how do they manage the retention of this intelligence? If only one person understands your business, what happens if they decide to leave?
  • Does the company rely on third parties to fulfill any part of its commitment to you? If so, make sure they carried out due diligence on their suppliers, too.
  • Where is the company storing the data that it’s creating or using on your behalf? Be aware that, if it’s stored outside of the EU it may be subject to different laws and access rights.
  • Does the company have a disaster-recovery plan? Floods and fires not only devastate lives, they destroy businesses too. Make sure that a natural disaster won’t pull the rug from under your company.
  • Does the company have a data backup strategy that works? 60% of companies would go bankrupt in 48 hours if they lost their data. If you rely on services and information from a supplier, make sure they have up-to-date copies of your data stored offsite.