
Is Your Service Provider Performing Their Role?

By: Mark Repka – MegaplanIT Security Consultant

Companies often have many complex inner workings and processes to achieve their product goals. To attain those objectives, it may be necessary to bring in outside service providers to assist. Outside service providers are not limited to payment processors or third-party co-location facilities; they can cover any aspect of your environment. Examples include firewall management, key or database management, outsourced security functions, or a human resources platform for keeping onboarding records and documents. Any aspect of your environment may be outsourced because of a lack of in-house technical expertise, time constraints, or the productivity gained from the service or product.


To test the viability of a service provider, you must first ask what services they provide that you cannot perform yourselves. Is it a complex task? Can several of these needs be combined under a single provider? Many service providers have multiple offerings encompassing information security governance, product and code development, threat detection, vulnerability analysis, integrated SIEM, and database management, to name a few. The cost of these services will increase as the complexity or specialization of the environment grows. You must also account for the service provider itself in your risk management scenarios. Would your company fail if the service provider does not meet expectations? What would the business impact be if your services experienced an outage of 6-8 hours?



Metrics must be defined to determine the service provider’s viability; in essence, how will they measure up? To determine the effectiveness of your service providers, you must first implement a rating system applied consistently across all third-party service providers. Common criteria include, but are not limited to, availability, cost savings, and benefits delivered. The cost-to-benefit analysis of the technical expertise provided may be attractive, as training your own personnel for a specific task may not be viable under your current business model. The time spent training employees on a small portion of your environment may not be a productive use of resources; instead, outsource the function to an expert. A low-maintenance managed environment may be more viable for a smaller project or startup, as you need not spend resources, time, or specialized training on your own staff.



An often overlooked aspect of third-party service providers is the cost savings gained by retaining these companies. It may not be a feasible business model to keep staff on 24/7 both to support service products and to perform security functions, and this is where managed services provide staffing augmentation. This can be as simple as a centralized call center for customer support or a security operations center supporting your web servers and infrastructure. The savings from not having to staff a handful of your own employees during off-business hours will far outweigh the cost of contracted operators covering those hours. There are many benefits to outsourcing this labor to third-party providers, as many of these companies are versed in the current working environment and have hands-on experience in their field. Problems that may take your team hours to solve could be solved in minutes by an appropriate professional. Consolidating several needs with one professional provider brings cost savings, but it also creates a single point of contact on which your business is reliant.


Once you have selected criteria for assessing your service providers, keep the feasibility assessment ongoing: assessing a service provider only once is a poor metric, as there is no history behind the tasks being performed. You can also review statements of work (SOW) and service level agreements (SLA) to examine whether the service provider is living up to expectations. Once a service provider is selected, maintain a vigilant watch to ensure that they are performing their functions per the contract. To ensure that a service provider is performing a task as part of an agreed compliance framework, collect attestations of compliance periodically and retain these records. The outsourcing of resources, manpower, or locations all needs to be reviewed and analyzed for sustainability in order to remain competitive in today’s market. With proper due diligence, you can ensure that you are receiving 100% from your service providers and that they are performing their roles as defined.


MegaplanIT can help with system logging, security, and monitoring through our partnerships with AlienVault, Cylance, CrowdStrike, and LogRhythm. In addition to software, we offer a wide array of services including a 24/7 SOC, Fully Managed SIEM, Penetration Testing Services, Experienced Consulting, and Security Testing. We are dedicated to providing the solution you need at a price you can afford. With varying tiers of service offerings, it is impossible not to find an integrated solution that fits your needs. We have both the experience and the technical expertise in a diverse range of deployments and industries, including financial, healthcare, and industrial. Reach out today and find out what MegaplanIT can do for you.

Looking for a knowledgeable partner for your cybersecurity and compliance efforts? We're Here To Help!

We look forward to talking to you about your upcoming Security Test, Compliance Assessment, and Managed Security Services priorities. Our expert security consultants and QSAs are fully certified and have decades of experience helping businesses like yours stay safe from cyber threats. Set up a time to chat with us about your biggest payment security and compliance challenges so we can partner with you to solve them!
