Organisations are now so reliant on the Internet for the conduct of their business that it is no longer a question of “Do we need an Internet Connection” to “What is the best connection for us”. Loss of an Internet Connection can have a serious effect on business performance, and in the case of online retailers a prolonged loss of service could mean the end of the business.
There are some serious matters to consider when selecting a new ISP who will provide the organisation’s Internet Connection. Because the ISP will be supplying largely technical services like bandwidth and speed, there is a tendency to focus on those when selecting a potential supplier and neglecting the other due diligence checks that would normally be applied. It seems simple to say, but selecting an ISP should be the same as selecting any other supplier of goods and services.
Here are three non-technical factors to take into account.
Stability
The ISP business is a cut-throat business. New ISPs with tempting offers appear every day and disappear just as quickly. The last thing a business needs is to have its Internet connection drop out of sight when the ISP does the same.
The evaluation process will inevitably need to look at a trade-off between price and the business profile of the prospective supplier. It will be cheaper in the long run to choose an ISP who will be around in years to come.
A proper due diligence exercise is needed to assess the long-term survivability of the ISP.
Some key indicators include:
- Is the ISP reliant on a single customer for the bulk of its income. If so, that is a negative indicator. If the ISP loses that customer for any reason, then then they could hit the cash-flow buffers.
- The track record of the ISP principals and owners. If they have a history of starting up businesses and later seeing them crash and burn, then this is again a negative indicator.
- Staff Turnover. A high level of staff turnover in the ISP often indicates structural or organisational problems in the ISP. That means an unhappy company and one that will have more severe problems in the future. It also means that the institutional knowledge about the relationship between you and the ISP leaves with the staff member. That is not conducive to a long and happy relationship.
Security and Privacy
Business critical and confidential information in likely to pass through the ISPs network. You need to be assured that it is secure from prying eyes.
Does the ISP track and sell corporate information as part of its its normal business practices, or by do its disgruntled employees do it to make some cash on the side. It’s not just the technical security of software and devices, but the overall security environment.
Obviously, any prudent organisation will encrypt vital corporate data before sending it out into the Internet cloud. The need for the tracking and selling assurance extends to all your data. What might be seemingly innocuous data, for example sites visited by users is valuable to someone.
Bottom line, the ISP must respect your right to private content and metadata.
Securing and Restoring Data
With the best will in the world, mistakes and do happen. It may become necessary to restore data or applications from time to time, if only to check that your disaster recovery plans work. Part of your due diligence when looking for an ISP must be to see how they will support your data storage requirements and provide access to your staff to recover data when required.
You also need to ensure that the backup data is held in the same conditions of strict security as other data passing through the ISP.
A second disaster recovery option is to see how quickly your ISP can restore services following a loss of service to you. You need to look at their redundancy and alternative supply options should their primary bandwidth supplier fail. We don’t have Internet either is not an acceptable excuse.
All these activities should be part of the selection process, over and above the technical assessment of the prospective supplier. Finally, don’t forget to tie them up with a Service Level Agreement.
