Once you have started the process of assessing your systems, you will be better prepared for a security audit (please see our Technology Assessments - Learn about Your Systems page). You can use free online tools to conduct an internal security audit, or hire a vendor to run a formal audit. To assist with this process, we have compiled some guidance and resources you may find helpful. Running a security audit can be extremely beneficial for your organization if done properly. Take a moment to review the list of tools and resources at the bottom of this page to learn more about the IT security audit process.
VLCT was contacted by several IT services providers and cybersecurity firms interested in offering cybersecurity audits to municipalities. We have compiled a list of vendors with contact information in our resources section below. Please note, VLCT has not vetted these organizations, and we do not endorse any particular business entity at this time.
Information and resources provided here are not exhaustive. This page is for informational purposes only.
When selecting a vendor:
- Conduct an internal assessment of your systems - View our VLCT resource page on Technology Assessments - Learn About Your Systems (see page link below)
- Ask lots of questions about structure, staff, services, supports, training, pricing, and security
- Get a second opinion. Many companies will provide a free initial audit of your systems, compare and contrast offerings from different organizations
- Be sure to provide vendors with any unique legal and/or regulatory requirements that apply to your organization
- Get proposals from vendors for services, adopt a process for reviewing proposals and services (a list of providers not endorsed or vetted by VLCT is below)
- Before entering into a contract with a provider, have an attorney review the proposal and proposed contract.
Take some time to review any company you engage with for staff credentials and certifications, consumer reviews and complaints, customer ratings, and information on security breaches. A sample of government and consumer websites are list below.
- Office of the Vermont Attorney General https://ago.vermont.gov/cap/consumer-complaint
- Federal Communications Commission https://www.ftc.gov/enforcement, https://consumercomplaints.fcc.gov/hc/en-u
- Federal Trade Commission https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ft
- Better Business Bureau https://www.bbb.org/
- Ripoff Report www.ripoffreport.com
- Crowdsource consumer ratings platforms such as Angie's List or Yelp provide customer feedback on all types of businesses and contractors