We’ve had a few customers come to us with horror stories about grey-line responsibility division with their previous supplier – where neither party has been sure who is responsible for what. So I thought a quick blog might help raise awareness of this issue.

It’s good to talk

Depending on the service, there might be some things you as a customer want to retain control of, or you might want to wash your hands of the whole lot in exchange for a bit more OpEx. No matter which option you choose, clearly setting boundaries of who is responsible for what is vital to creating and maintaining a good working relationship and, more importantly, a good service. At ServerChoice we’ve always been of the opinion that a relationship between a customer and a service provider should be a two-way street, and it’s particularly important where high-security and PCI-compliant services are concerned.

Not my problem...

Unfortunately, problems with who-does-what often won’t become apparent until something goes wrong. You might not be too fussed about the nitty-gritty when everything’s running smoothly, but what about when a fault occurs? Precious time that could be used to get your service back on its feet gets wasted on pointless back-and-forth finger-pointing, both over blame and over whose job it actually is to get it fixed.

You can’t always rely on the contract, either. Language can be vague, assumptions get made (on both sides), and you’ll find that the black-and-white division between ‘infrastructure’ and ‘management’ suddenly becomes a hundred shades of grey, especially when dealing with the complex minutiae of technical issues.

The key to compliance

Definition of responsibility is vital for maintaining good security and, in particular, compliance: notably for standards such as PCI DSS. Very clearly defining who does what is the only way to ensure that all systems, processes and policies are defined and understood in enough detail to be made secure. In fact, it’s something that the PCI standard mandates.

Summing up

In short, when choosing a service provider it’s always a good idea to make sure they’re clear on who’s responsible for what. If they’re keen on outlining division of responsibility then it’s a good sign that they take themselves and their business (and your business!) seriously. When it comes to high-security services, in particular PCI DSS, it goes beyond ‘a good idea’ and becomes ‘a vital component’.
