Questions to Ask Potential Providers
Q: What security measures are in place?
▪ Encryption: Ask about the types of encryption used for data at rest and in transit. Ensure
that the provider follows best practices for data encryption.
▪ Access Controls: Inquire about the access control mechanisms in place, such as MFA
and RBAC, to prevent unauthorized access to data.
▪ Security Audits: Request information about the frequency of audits and measures
taken to address identified vulnerabilities.
Q: How do they ensure compliance with healthcare regulations?
▪ Compliance Tools: Ask about the tools and services the provider offers to help you maintain
compliance with healthcare regulations.
▪ Audit Trails: Ensure the provider can generate detailed audit trails for all data access and
modifications, which are essential for compliance audits.
▪ Regulatory Expertise: Verify that the provider has experience and expertise in handling healthcare
data and understands the specific compliance requirements of the healthcare industry.
Q: What is the track record for uptime and disaster recovery?
▪ Uptime History: Request statistics on the provider's historical uptime and downtime incidents.
Providers with a strong track record of high availability are preferable.
▪ Disaster Recovery Performance: Ask about past disaster recovery instances and the provider's
response times and effectiveness. Ensure they have documented success in meeting stated RTO
and RPO when restoring operations.
▪ Testing Frequency: Inquire about how frequently the provider conducts disaster recovery tests and the
outcomes of these tests. Regular, successful testing is a good indicator of a reliable DRaaS solution.
oneneck.com