IT Best Practices

3 April 2025

Why Does IT Due Diligence Matter?

Why IT Due Diligence Matters: It’s not Friday night take-away

Choosing an IT service provider isn’t as simple as picking a takeaway for Friday night. IT service providers have intimate access to your data, systems and people.

That’s where due diligence comes in. Before signing on the dotted line, you need to be sure your IT suppliers are up to scratch. If your supplier isn’t how will they be able to help you get your systems and IT lined-up?

What’s the Big Deal with IT Due Diligence?

If you don’t do your homework, you might end up with an IT provider that doesn’t take security seriously. This can leave your data at risk. Worse still, non-compliance with industry regulations could land your company in legal or reputational trouble.

IT Certifications to Look Out For

So, how do you separate the pros from the amateurs? Certifications! Exciting! Here are some key ones to check for:

1. ISO 27001 – It proves that the supplier has a solid Information Security Management System (ISMS) in place, which means they take cybersecurity seriously. Its audited regularly and is a serious commitment to security.

2. ISO 9001 – All about quality management. If a supplier has this, it means they have consistent processes and are committed to improving the quality of their service.

3. ISO 20000 – Specifically for IT service management. This standard ensures they follow best practices in IT operations, meaning fewer headaches for you.

4. Cyber Essentials & Cyber Essentials Plus – These are UK government-backed schemes that help businesses guard against common cyber threats. For an IT business this is really an entry level requirement these days – its low-cost and straight forward to get.

Final Thoughts

Skipping due diligence might feel like a way to get on with your day job – you’ve always ordered that burger-and-fries off the menu why shouldn’t you do it again? However, the IT environment is rapidly changing – working with a provider that is showing a commitment to their own security and IT systems is the way to start getting your own systems into shape.