Poor quality security products and software can result in high replacement costs, lost productivity and income, damage or loss of plant and property, injury to people, or – in extreme cases – even loss of life. Proving quality can be tricky. It’s something you need to assess during the due diligence process.
Some essential questions you can ask of potential vendors to help determine whether what you’re buying meets the quality ‘gold standard’ include:
- Do you have a dedicated QA team?
- Are there multiple quality checkpoints throughout the development and production process – not just at the beginning and end?
- Do you follow best practice and test your software using automated testing, where each build of the software is fully exercised?
- How reliable are you in delivering a new version/product on the date specified?
- What is the process for resolving technical queries?
- How are issues recorded and addressed and is feedback shared where appropriate?
- How confident are you in your hardware? (A one-year warranty period can indicate a lack of confidence; five years to a lifetime warranty can indicate full confidence.)
- Do you use penetration testing to externally verify the security of the product?
- How accessible and responsive is the manufacturer?
Back up your questions with research
How does the vendor demonstrate their focus on quality? Can you ask to visit their factory or a client site to see the product in action?
You can discover a whole lot about a company by asking for references from existing and previous clients. Find out how long they’ve been with the company, whether they’re having a great experience and how any problems are responded to and resolved.
Quality Processes
Quality process standards like ISO 9001 are another good starting point; they will ensure that the company has some processes in place that should deliver reliable results. But to achieve a ‘gold quality standard’ security system takes more than that. The manufacturer needs to understand the needs of the security market and listen to the real-life problems and risks that users are trying to resolve and mitigate. Manufacturers need to be dynamically updating their offering to meet the changing environment. If they don’t, then the system you purchased two years ago with the expectation that it would last for seven to ten years may struggle to meet the current expectations.
Options to move forward
Is there an incremental path for you to migrate to the emerging security technologies – both hardware and software? This particularly applies to cybersecurity updates after the original purchase is made. It’s key to ask whether ongoing support and updates are provided after you purchase. It’s especially important to ensure that it’s possible to upgrade firmware, not just software applications, within the solution you choose.
There’s no replacement for your own high standards. Quality means different things to different people and you need to decide what’s important to you and your appetite for risk. Ultimately, you’ll never regret buying quality.
Steve Bell
Chief Technology Officer at Gallagher Security