How Businesses in the Financial Industry Should Evaluate Their Managed IT Services Provider
Cybersecurity, risk, regulations: these are topics we see in the news every day – affecting nearly all industries from manufacturing to medical. However, the financial industry faces a particularly challenging regulatory and risk environment.
Deloitte recently published an article that claims financial institutions are facing pressure to find risk and compliance operating models that effectively mitigate their risks and assist them in navigating the unpredictable regulatory landscape.
As a result, the article claims, the “adoption of managed services is rising as firms seek a more strategic response in order to better organize, operate, and safeguard their business.”
Managed IT service providers can be critical to the growth and prosperity of financial institutions because they allow employees to turn their focus from keeping up with the ever-changing cybersecurity and regulatory landscape and towards value-adding, business-advancing activities.
Managed service providers (MSPs) will only be an effective part of your strategy if they meet your current strategic needs and continue to work with your organization as your needs change.
If you’re not sure if your provider is effective at basic services or safeguarding your institution in this tumultuous regulatory landscape, use this guide to evaluate your IT provider to ensure they are the best fit for your institution and that you are getting the maximum benefits from a strategic, regulatory, and risk perspective.
Evaluating Your IT Provider’s Strategic Benefits
The right MSP will add clear value to your institution’s strategic business plan, especially in the fast-paced financial industry. To evaluate if your MSP is giving you the most benefits from a strategic standpoint, ask these basic questions.
If you answer “no” to most (or even one) of them, you might not be getting the most out of your partnership.
Are Service-Level Agreements Being Met?
This includes every part of your contract. Consider whether your IT provider is fulfilling their part of the agreement, including hardware and software agreements, giving you ample maintenance hours, and maintaining cloud hosting agreements.
If you notice they aren’t doing the most basic services well – for example, they don’t do a thorough yearly check of your hardware, software, and firmware or do not provide you with the hosting service they promised – chances are, they aren’t keeping all of the service agreements.
Do You Have an Account Manager, and Do They Meet With You on a Regular Basis?
MSPs typically have multiple, attention-demanding clients. If you are getting the treatment you need from your MSP, you should have one dedicated account manager who will know what’s going on in your systems and will be able to answer any questions you may have about your account.
Your dedicated account manager should also schedule regular meetings, phone calls, or onsite visits with you. The frequency of these meetings usually depends on your contract, but industry best practices dictate that you should receive an onsite visit from your account manager at least quarterly.
Do They Develop a Strategy to Leverage Technology?
An MSP should make your job easier, and one way good IT providers do this is by providing your business with a customized technology strategy. Ideally, your managed IT provider will recommend and use technology that makes your business processes easier.
If the provider does not make the effort to get to know the ins and outs of your business processes at the very beginning of your relationship, they cannot provide you an IT strategy that is customized to suit your needs. Instead, your provider should ask you numerous questions about your company and your business processes, and then deliver a practical strategy unique to you.
Do They Communicate With You Often?
A managed IT provider should not only be available to answer your questions, but they should also proactively reach out to you with software and hardware updates, reports on the state of your business’s system, and new ideas for making your IT systems work even better.
Is Your Current Provider Educating You on Current Technology?
If you are learning about new technology from sources other than your IT provider, that’s not a good sign. Your MSP should be actively educating you on advances in technology so that your systems are working as effectively as possible. An expert MSP will offer educational resources such as videos, articles, and training sessions for your staff.
Are Your Systems Experiencing Consistent Uptime?
At their most basic level, managed IT providers should ensure your systems have consistent uptime. When your systems are down, production stops and your business is not generating revenue.
You should be concerned if you employ an MSP but your systems are still going down regularly. This is not acceptable, and you may want to begin evaluating other providers or hire an outside company to assess your infrastructure.
Are You Waiting for Less Than 24 Hours for Tickets Response?
There is a difference between a critical IT issue and a non-critical IT issue. For critical issues such as system downtime, email services not sending for all users, or a security breach, you should hear back from your provider within 30 minutes, even after-hours, because these items are paramount to the success of your business
For non-critical issues that are either limited to one person or in regards to system slowness, you should submit a ticket and expect a response within 24 hours. While we are not stating that every ticket should be addressed and closed in 24 hours, waiting for more than that for initial contact on an issue is inconvenient and frustrating for you. You should receive some sort of response that includes a plan to address your ticket within 24 hours of your ticket submission.
Do You Have Transparency Into All Open Tickets and the Status of Open Jobs?
You should have access to the status of all your open jobs and tickets, usually taking the form of a client portal provided by your MSP. You are entitled to know the status of your requests so you can keep track of any issues, and you should feel comfortable asking your account manager for an update.
Evaluating Your IT Provider’s Risk Mitigation Strategy
If you are in the financial industry, chances are most of your daily business operations rely on data and information. This is why it is especially critical that your MSP ensures all that data will be backed up and recovered should disaster (natural or otherwise) ever strike.
Again, to be confident that your MSP is meeting all of your risk mitigation needs, you’ll want the answer to all of these questions to be a resounding “yes.”
Have They Provided Documentation on Your Backup/Disaster Recovery Plans?
Backup and disaster recovery are crucial to your business continuity. Every business should have one, and it’s your managed IT provider’s responsibility to provide you with one.
You should have documentation about your plan so you know just what will happen should disaster ever strike. (Besides, your disaster recovery and backup plan involves your whole company, so everyone needs to be onboard and prepare for the plan to be effective).
We recommend all businesses employ the 3-2-1 method of backup solutions: 3 copies of your data on 2 different media with at least 1 media off-site. If your MSP does something different, it’s not necessarily wrong, but it might not be as effective as it could be.
Do They Test Your Backup and Disaster Recovery Plan?
Since your backup and disaster recovery plan often involves your entire business, your MSP should train you and your staff, and they should test your plan yearly to ensure it is working as expected.
Evaluating Your IT Provider’s Cybersecurity Benefits
Cybersecurity is top-of-mind for financial institutions who carry the sensitive information of numerous clients. When a cybersecurity breach occurs in this industry, the legal and financial implications are immense, and cyber attacks are not limited to large business.
An expert IT provider will manage your cybersecurity plan and help prevent cyber attacks.
Does Your MSP Provide Reports or Any Information on Cybersecurity?
To be sure your MSP is doing their dues when it comes to cybersecurity, be on the lookout for reports specifically about your institution’s cybersecurity. Your provider should also offer education and training for you and your employees on your cybersecurity plan.
Are They Transparent with Their Findings?
Your MSP should have tools in place that provide a transparent view into the status of your infrastructure. You should be provided with a way to view an objective score or status of critical pieces of your network so you can gauge how well your systems are being managed.
According to Deloitte, “Although cost inevitably plays a role when choosing a teammate, to realize the longterm innovation, talent, and quality benefits of managed services requires a stronger focus on strategic fit, and on a provider’s level of investment, global consistency, and domain and regulatory maturity.”
Ultimately, you want your managed IT provider to reliably close your tickets and implement technology that makes sense for your processes and helps your business grow market share, reduce operational costs, and mitigate risk. In the tumultuous financial industry, you also need your IT provider to implement appropriate disaster recovery, backup, and cybersecurity protocols that will keep your clients’ sensitive information safe and your business compliant with regulations.
How to Choose a New Managed IT Services Provider
If you have determined that you need a new managed IT services provider, look for the following in the contract as you evaluate potential vendors:
☑ Scheduled reviews (semi-annual at the minimum) outlined in the contract
☑ 1-2 user training sessions offered per year under contract
☑ A single dedicated account manager assigned to your account (meet this person, too)
☑ A portal to see any open items and dates
☑ Reporting information about uptime and end-user system
Also, make sure potential vendors can:
☑ Take you through a Recovery Point Objective/Recovery Time Objective exercise to develop a disaster recovery plan
☑ Educate and explain cybersecurity and provide solutions
☑ Understand your business enough to know how to leverage technology (they should ask pointed questions about your business plan and processes)
☑ Become a part of your team (you should like your new IT provider and feel as though you can work with them well)