Key considerations include:
- What are their standards and policies? How well are they documented? What metrics do they use for self-evaluation? How well do they meet them?
- How robust is their Enterprise Security? Are they using the right controls, not only for electronic penetration but for physical security- building access, etc.?
- Does the Service Provider staff have the relevant skills to meet the SI need?
- How well can they meet the Service Level Agreements: Proof points, Redundancy, clear escalation path?
- Do they provide visibility into the performance of the Infrastructure?
- Can the demonstrate value- the benefit vs. the cost. (Not just the lowest cost.)
- What is the quality of the Management Interface?
- What is their proximity? (Potentially important.)
- How flexible are their offers? What control do they allow for the Solution stack?
- What is their reputation?
- How strong is their account management? Do they provide dedicated or named technical managers as part of a premium service package? How accessible and responsive are they in the even that something goes wrong?