Don’t get us wrong. You want a Phoenix IT services partner who will create policies, fill out forms, maintain logs and complete assessments on your behalf.
But if that’s all they’re doing, it’s time to consider other options.
2 Ways You Play Russian Roulette When Your IT Partner Only Fills Out Paperwork
Having someone fill out paperwork on your behalf frees up time and takes an administrative task off your plate. It also leaves you vulnerable to disasters and the keen eye of an auditor.
Situation 1: Disastrous Recovery
Disaster recovery and incident response plans are two documents the SEC wants you to prepare. So, you ask your IT services partner to get everything in order. They dot the i’s, cross the t’s and hand it over. You set the plan on the shelf, ready to show an auditor if they ask.
Months go by and a pipe bursts – literally
Water gushes through your office destroying every piece of equipment in its path. You call up your IT provider, tell them the situation and ask them to restore from backup. They agree, hang up and start the process.
In the meantime, you dig out your incident response plan to get the emergency contact information for your insurance company. You call and get a sales center. Half an hour goes by as you’re passed around to different departments.
During this wait, your IT provider calls the office. Turns out they can’t restore your files. A critical element of the backup failed.
Situation 2: Basic template, customized fines
After a risk assessment, you ask your IT partner to compile documentation about cybersecurity policies and what you’re doing to address vulnerabilities. They grab a template from the internet and fill in your name, address and basic information.
Auditors arrive at your office and start reading through your documentation. They see in one of your policies that you “don’t allow personal devices to connect to network.”
Your office is filled with people using their own smartphones to check work email or send messages. Since no one in the office – including you – adheres to this, the auditor marks that you’re not following your own policies and levies a fine.
The bare minimum is not a solution
The situations we shared above aren’t unusual or unheard of. We know about at least one instance where a pipe burst and flooded a server room. Fines from the SEC for not following written policies are common and costly – you can read about 3 that totaled $750,000 here.
Settling for the bare minimum from your IT partner will leave you in the lurch – either during a disaster or an audit. But when you have the right IT support, you won’t doubt your backups or be surprised by your own policies.
3 Reasons Our Clients Have Total Confidence in Their Plans
1. We walk the walk with disaster recovery plans
When we create a disaster recovery plan for clients, we don’t plug in basic information and call it a day. Policies are tailored to operations – not just the company name.
After completing the document, we pick a weekend for testing.
We head over to their office and turn off the servers. Then we turn to page one of the plan and see if following the steps gets everything back up and running. A few employees will come in too, and see if they’re able to complete everyday tasks as if nothing happened. Throughout this exercise, we take notes about what works and what doesn’t so we can amend the plan.
2. Tabletop exercises test incident response plans
Like with disaster recovery, we’re crafting a document that is customized to your business.
But the process to check an incident response plan is a little different
In this case, we run through a tabletop exercise. We might sit down with the stakeholders and run through a hypothetical ransomware scenario. Again, we’re turning to page one and seeing if everything is in place for a full recovery or if we encounter unexpected errors – like the wrong number for an insurance company.
3. Nothing is set and forget
We don’t just test for the sake of testing. The real-time experiments are learning experiences. Afterwards, we update the client’s strategy and documentation accordingly. Every policy is revisited regularly – usually quarterly or annually.
Get Value from Your Phoenix IT Services Partner
Neatly organized paperwork isn’t a value-add for your firm. Your IT partner should be exactly that – a partner. When you outsource your IT, look for an advisor who has experience working with RIAs.
At itSynergy, we’ve designed services specifically for your industry
With our turnkey compliance solution, firms:
- Enhance their cybersecurity posture
- Get tailored compliance documentation
- Follow their documentation to a T
- Easily track change history, notes, discussions and who was involved
- Have an IT partner who is also an Investment Adviser Certified Compliance Professional®