Smart Questions for Customer Reference Checks
by Roshen Chandran, CISSP
Customer reference checks are a powerful tool for selecting the application security testing vendor that is right for you. We have compiled the astute questions we’ve come across in the last 6 years.
If you’re planning reference checks to finalize your security testing vendor, these questions could be useful to you. We came across them when prospective clients did reference checks on us, and we liked them.
- How was your experience with the vendor?
- Who did you interact with from the vendor?
Quality, Timeliness, Usefulness
- How well did the testers understand your application?
- How well did the testers articulate their findings? Did you require clarifications?
- How easy was it to schedule the test? Did you get the dates you desired?
- Did the security testing reports come on time?
- How long did it take you to implement their recommendations? What difficulties did you face?
- Will you engage the vendor again? Would you try out another player before engaging this vendor again?
- If you hire the vendor again, is there anything you’d take care to add in the Statement of Work?
- Were there any expectations that the vendor did not meet?
- Are the folks you interacted with still with the vendor?
- Would you pay a premium to engage this vendor?