5 questions to ask before entrusting business data to a sales app
Can you be sure that the sensitive business data you entrust to third-party sales apps is secure? Consider these 5 questions before entrusting business data to service providers.
1. Which data is collected?
Business apps require very intimate access to sensitive company data, like customer information, product price lists and employees’ personal details, in order to provide an effective service. The more value an app-based service is meant to provide, the more comprehensive its access to core business information needs to be.
It’s therefore crucial that your service provider takes data security seriously and that you pose a few further questions to them.
2. Whose data is it?
Data that describes your business and its activities belongs to you, even though it is in your service provider’s possession.
It’s nevertheless wise to contractually arrange with your service provider that:
the data is only used for the purpose of the service they commit to provide.
the service provider adheres to your unique requirements for data-handling.
the data is not shared with third parties.
This way, you maintain maximum control over your data even though it is handled by a service provider.
3. How will data be handled?
Service providers handle sensitive data, so it’s crucial that:
only information necessary to provide a service is made available to the service provider for the delivery of that particular service.
only service provider employees involved in delivering that particular service handle the relevant information.
the service provider has the necessary technical security controls in place to ensure the confidentiality, integrity and availability of your information.
4. How will data be stored?
Data should be properly protected not only when handled but also when stored.
Can your service provider ensure that:
your data is stored in a segregated way, not to be confused with other customers’ data?
backups of your data are properly protected?
service provider employees have restricted access to data, limited to only what is necessary?
data that’s no longer relevant to the service provider is deleted?
they make use of reputable cloud services* to store your data?
*Cloud services have matured to the point where app service providers who run their own data centres struggle to compete in securing data. Unlike business app providers, cloud service providers are security experts who constantly monitor and improve their own systems. Cloud services also ensure that your data is safe in the case of physical security breaches of your service provider’s premises.
So, what does an ISO 27001:2013 certification mean?
ISO 27001 certification means your data is in safe hands. Specifically, it means that an independent auditor has confirmed that Skynamo has an Information Security Management System in place which ensures that the right data security controls are implemented throughout the business. The auditor reviews the people, processes and technology used, ensuring that a suitable risk-based approach was taken to identify and implement suitable controls, from the storage of data to how it is handled among a company’s employees and also the physical security of the premises where the company conducts its daily business.
After in-depth certification assessments on the various ISO standard requirements have been carried out successfully, auditors provide companies with an internationally accepted, independent compliance report and certification.