When it comes to deciding what platform or service you want to use, making the right choice can be a hard decision. There are a number of things to consider during the purchasing process such as costs, the reliability of the platform, where your data is held, its features and more. If you work in the public sector, there is the added consideration of ensuring you pick a platform that enforces the right security measures for Government and ticks the boxes outlined by your IT team.
When it comes to choosing your marketing automation and event software , ensuring you are choosing a secure platform is becoming even more important.
To help you make that decision, we have put together the top 5 most important Security Measures for Government sectors that you need to consider when choosing your software provider.
1. Data Security - Where is Your Data Held and Does it Meet Government Security Measures?
The public sector has strict requirements as to where their data is held, and the privacy and security that locks this down.
As part of your tender or selection process, it is important that you find out if your data will be held in Australia or overseas. Data held in Australia is fully compliant with Australian anti-spam and privacy laws.
If your data is held overseas, it is worth checking what anti-spam laws the service provider adheres to and whether they are sufficient for your organisation and meet Government security standards.
2. Does Your Service Provider Have a Government Accreditation?
During your selection process, you may want to add to ask if your supplier has a Government Accreditation.
What is a Government Accreditaton?
A Government Accreditation is an award that is given to a supplier from a governing body which fact checks the supplier.
It seeks to connect contract ready and qualified ICT suppliers with public and private sector organisations seeking their services.
If your supplier has a Government Accreditation, then great! This means you can eliminate much of the procurement paperwork as you already have the approval to use the software provider without the need to go through panels.
3. Do You Know Who is Handling Your Data?
That is the question. Government and public sector organisations have a duty of care when it comes to securing the public’s data as well as being open about how they use it.
Government Security Checks
As part of your selection process for your new provider, make sure you do some investigation into company employees.
Some Government organisations ask all employees who will have access to their data to pass Government security checks.
If Government security checks aren’t part of your organisation’s new supplier process then a second option could be to ask your new supplier to supply staff background checks.
4. Is there a SPAM Policy Implemented?
When looking for a new software provider, another pointer on the list is making sure they have a SPAM policy in place, if so, request to see a copy of this.
Spam Policy Differs in Each Country
Each country has different rules when it comes to being spam compliant so it pays to be extra vigilant where your platforms servers are located.
It is worth doing some research into the new provider to see what other clients they provide their services to.
If the provider is serving non-reputable companies such as gambling companies or companies with bad reputations this could ultimately have an effect on your overall sending reputation.
5. Does Your Platform Perform Regular Penetration Testing that meets your security measures for government?
Why is Penetration Testing Important?
It is a requirement for some Government organisations to be able to perform penetration testing on external software providers. These are normally conducted by the IT department as a security measure.
Your new platform provider should be conducting similar penetration testing on their own software on a regular basis. These should ideally be done by a third party to ensure the platform vulnerabilities are patched and can stand up to emerging security threats.
Make sure to ask your new provider when the last time they conducted a penetration test on their own servers.
These 5 key questions outlined above should be made part of any purchase process for any new automation platforms and software in general, particularly if you work within the public and Government sectors. These sectors have strict security measures for government when it comes to data handling and storing.