Stock Image
Durban - Seldom do I take on a new client who doesn’t have a service provider. We try to approach the provider professionally and courteously, especially during any handover periods when we might be servicing the client jointly.

In some cases, it soon becomes clear why the customer has moved on. Occasionally, we have to do a “hostile” takeover - moving quickly to secure access to key elements of the client’s infrastructure and software before they are locked out or interfered with.

As a business owner, the situations remind me of the importance of trusting an IT service provider while building in safeguards for both parties in case the relationship changes. Would your business systems operate smoothly if your IT person vanished? Is one person effectively a “knowledge garden” for your entire set-up? Do you have critical procedures documented, tested and kept up to date? Basically, is there a Plan B?

Compliance - If appropriate documentation and a back-up plan for the IT provider are in order, how’s your compliance with data protection laws? Businesses are increasingly handling customers’ personal data such as names and ID numbers and are responsible for the life cycle of the data.

The Protection Of Personal Information Act (Popi) is South Africa’s data protection law. Signed into law in 2013, it is set to come into force soon. Many larger corporates are running compliance projects to ensure they are ready when the Popi deadline is announced. The procedures, policies and protection needed to demonstrate Popi compliance are best practices you should already have in place in order to run a safe and reputable business.

A paraphrased quote of the Popi Act is: “A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures”.

This has far-reaching consequences for business operators, and especially for their IT service providers who are involved in the control and processing of personal data. Do you need advice on that? Email me using [email protected]

Oversight -  I’ve built a career out of fixing IT disasters, so I’ve seen thousands of ways things can go wrong. I have learnt to expect the unexpected, and I apply a good deal of Murphy’s Law in my work. This is common wisdom, yet when it comes to decisions involving technology, I find the focus is overwhelmingly on the price and little else. Too often, there is no formal, experienced oversight. Sourcing is left to a weary office manager who merely calls around to suppliers or mates. After a few quotes, a stranger arrives to set-up the new gear, easily obtaining access to passwords, firewalls, accounts, customer databases you name it.

All of which makes for a risky situation and a potentially illegal one.

The Mercury