Can You Trust Your Managed Service Provider?
Can You Trust Your Managed Service Provider?
To provide effective service, Managed Service Providers require access to passwords and other private information. That’s why it’s so important to trust your MSP. But how can this be done outside of trial-and-error? Are there steps you can take to guarantee that trust? SOC2 compliance is an important criterion for evaluating your MSP.
If the repository they use for storing your private information is SOC2 certified, it means a third-party has audited their system and determined that it complies with five trust principles developed by the American Institute of CPAs (AICPA).
The Five Principles of SOC2 Compliance
Not all Denver managed service providers are created equal. SOC2 certification ensures that you are working with the best of the best service providers in any given area. Here’s what the certification is considering:
This principle is certainly the most obvious and important – the repository must, at the very least, be password-protected. However, just the basic security protocols are not going to cut it when it comes to SOC2 compliance for managed service providers.
Auditors will want to know whether the system is also protected from viruses or other outside intrusion. They’ll be looking at whether or not the system will recognize the breach if an outside source does break in. They’ll be looking at notification triggers and the timeliness of alerting system managers, too.
Moreover, SOC2 compliance considers what policies determine who has access, what happens when an employee is terminated, and much more. A secure system has verified features that protect it from unauthorized access which keeps your data protected.
To be useful, the repository must be available to the right people, at the right time and location. This ensures the client receives the agreed quality determined by the Service Level Agreement. Technicians must be able to access information at the client site or remotely from some other location. If the information cannot be retrieved in a timely fashion, the quality of service your managed service provider can offer will be hindered.
Similarly, the repository itself must be robust and reliable. It must be designed so that server crashes, hardware failures, and connectivity issues are minimized through best practices. It must include processes for constantly monitoring service availability. In case of a disaster, the repository provided by your managed service providers should be capable of recovering quickly and reliably.
All documentation systems must be maintained continually so their data is as accurate, complete, and as up-to-date as possible. Bad information can be worse than no information. Your managed service provider should maintain quality assurance procedures so that every time the system is accessed, its accuracy is monitored and bad data is rectified.
This function is performed not only through the procedures for governing access from technicians, but automatically, through the system’s software.
The data repository must allow access at different levels. Hardware listings and license renewal dates would normally be available to a wider audience than passwords, which are highly restricted. This protection is guaranteed through account privileges, but also by the network configuration. Firewalls, routers, and wireless access points are considered when your service provider is designing a plan for guaranteeing proper confidentiality.
The AICPA has identified Generally Accepted Privacy Principles (GAPP) which define particular types of data that must be kept private. Personally Identifiable Information (PII) refers to information such as addresses and social security numbers.
Unlike passwords, this information is not a high security risk. However, it is still governed by privacy laws and must be protected.
Starting in 2019 Analytics Computers began offering its clients IT Glue. IT Glue is a commercial, SOC2 certified repository managed by hundreds of technicians worldwide.
This provides greater security and enables us to offer a higher quality of service to all our valued clients without dramatically increasing the cost of outsourcing for the best managed service providers.
Analytics Computers Is the Leading Managed Service Provider In Denver
When you’re looking for a Denver managed service provider who checks all the boxes, look no further than Analytics Computers.
Our technicians are highly trained in data security best practices so they can offer the highest-quality services to our clients. To learn more, contact us today to schedule a meeting with our MSP team.