Our policy on “security questionnaires”

Peter Farmer

19th September 2023

Simwood, like all networks and service providers with a turnover over £634k a year, have specific legal obligations with respect to security. One of those (regulation 7 of the Electronic Communications (Security Measures) Regulations 2022 if you’re interested) relates to supply chain management. 

We regularly receive lengthy documents from customers asking for things like our ISO 27001 certificate, and asking whether we have certain policies and procedures. That’s all well and good, and part of a functioning telecommunications ecosystem that takes things seriously.

Our support team is equipped to answer the usual, relevant questions, and will turn them around in a week or so. 

What they aren’t equipped to do is answer the sort of questionnaires that have been through a cottage industry within a telco, built by a team of people with a collection of clipboards and high-viz jackets and a subscription to “Bureaucracy Monthly,” who add question after question that is not relevant to our legal obligations. Or even to the fundamental question of security.

Which brings me to the point of this post. For a long time, Simwood has reserved the right to levy an admin charge of £150 an hour for the cost of the team members involved in certain egregious situations, such as AIT claims, or sorting out abuses of various rules. From 1st November 2023, we’re adding “work performed in responding to security questionnaires (and similar documents) where, in our sole opinion, the work is in excess of that we are obligated to perform or is necessary in the circumstances,” to the list of situations in which we reserve the right to charge.

If you ask sensible, reasonable questions, in compliance with your obligations, you have nothing to fear about this change. If you ask for the inside-leg measurement of those with access to our data centre cages, then there might be a bill.

Any questions, reach out to the usual suspects.
