Agencies should know how many employees at managed-security service providers carry certifications.
Although no single Good Housekeeping Seal of approval exists for judging managed-security service providers (MSSPs), agencies should determine what percentage of an MSSP’s employees carry these important security certifications:
- ISO/IEC 27001 — an international standard for implementing, operating and monitoring security management systems. The rules provide a baseline for showing that an organization has adequate security in place to protect information.
- SAS 70 Type II accreditation — conforms to American Institute of Certified Public Accountants rules for an independent auditor’s evaluation of information technology infrastructures and processes.
- Certified Information Systems Security Professional accreditation — designates that IT workers have a minimum of five years of relevant professional experience and have successfully passed International Information Systems Security Certification Consortium exams.
- Global Information Assurance Certification — acknowledges IT professionals for expertise in computer, information and software security.
- Certifications from specific hardware and software vendors, such as Microsoft and Cisco Systems, that are important in the agency’s technology infrastructure.