The National Cyber Security Centre has just updated its guidance on what you must check before giving a Managed Service Provider access to your IT resources.
The use of Managed Service Providers (“MSP’s”) is increasingly popular, and especially with smaller organisation who do not have the capacity for a full-time resource.
In the NCSC blog post is available at https://www.ncsc.gov.uk/blog-post/using-msps-to-administer-your-cloud-services, and it contains much clear and well informed guidance on what you must check; I encourage anyone thinking or actually employing a MSP to read this thoroughly.