Checklist – Questions to ask a 3rd party service provider

With the big shift to using other people's machines, AKA “The Cloud”, to support on-prem infrastructure, platforms, and services, new policies and procedures need to be considered. These “new” environments are often made to sound completely secure. While in and of themselves they might be, what you build on top of the foundation is a whole different story. You can build the strongest foundation, but if the structure sitting on top of it is falling apart… what’s the point?

How would one go about finding out the security maturity of a product?

When you are in the market for a third-party service, there are several things to consider when evaluating the product and service provider:

  • How transparent is the service provider with answers to special inquiries?

  • How flexible is the service provider in regard to customizing the product to your needs?

  • Do they listen to your request and care about it, or do they just wave it off with a “yeah, we’ll look into that, I promise!”? That is a possible indication of how they will react when and if you return with a security flaw in their product.


This checklist could and should be used as a questionnaire when vetting 3rd party services that you might consider using. We have added what we think are a few great questions to start with when evaluating the security maturity of a service provider's application. To receive it, fill in the form.