The IT support/MSP game has changed. Clients are no longer satisfied with simply having their desktops managed and their servers supported.
Almost every industry now carries customer privacy and security compliance obligations, and clients are looking to us, their IT providers and business confidantes, to help them become and remain compliant.
So what do you need to know about compliance?
First, decide which industry or vertical you will tackle, then dive deep into it.
In my experience, clients do not want a generalist firm that says "we provide HIPAA/HITECH/PCI-DSS/Sarbanes-Oxley/GLBA/SEC Cybersecurity/[insert acronym here] compliance." More and more, savvy buyers want MSPs that focus on their vertical.
If you are tackling healthcare, you must deep-dive into HIPAA/HITECH, the FTC Health Breach Notification Rule, state records-retention requirements, SEC cybersecurity guidance (for publicly traded providers) and state privacy laws. If medium-to-large retailers ($10M-$4B in annual revenue) are your targets, then a thorough understanding of PCI-DSS and the state privacy breach notification laws is required. If banking and finance is your focus, then knowledge of GLBA, SOX Section 404, state breach notification laws, FINRA regulations, the USA PATRIOT Act and the FFIEC examination guidance is a must.
Underpinning all of these regulations, standards and statutes are three simple truths:
- Every regulation or standard requires good backups that are tested and verifiable. A backup you have never restored is not a backup; schedule restore tests and keep the evidence, because auditors will ask for it.
- Strong passwords (and, wherever the platform supports it, multi-factor authentication) and tested, documented security configurations are a must.
- Encrypting data in motion and data at rest is a very, very good idea. Under most state breach laws and the HITECH breach notification rule, lost or stolen data that was properly encrypted is generally not a reportable breach, so encryption is one of the cheapest ways to shrink a client's exposure.
As you start your journey towards becoming a compliance-oriented MSP, I can offer you a few resources for HIPAA/HITECH, PCI-DSS, SEC Cybersecurity and privacy law compliance. Email me and request any of the following:
HIPAA/HITECH Compliance
- WHAT DO MSPS NEED TO KNOW ABOUT HIPAA/HITECH slides
- HIPAA Compliance Checklist
- Articles and newsletters regarding trends in HIPAA enforcement and compliance
PCI-DSS and State Privacy Law Compliance
- Overview of the state privacy breach laws
- Trends in Financial Crimes
- Lessons Learned from Superstorm Sandy
SEC Cybersecurity Compliance
- Overview of SEC Requirements
- Trends in Financial Crimes
- Lessons Learned from Superstorm Sandy
- Challenges endemic to the financial sector
As always, if you have questions regarding security, privacy or compliance, feel free to contact me at raj@brainlink.com.
Latest articles, blog posts, presentations and webinars are available at www.RajGoel.com
Come meet Raj in person and hear him present on “What MSPs Need to Know About Compliance” at the Datto Partner Conference.