Article by Raj Goel posted on Continuum MSP BLOG

What MSPs Need to Know about Compliance

The IT Support/MSP game has changed. Clients are no longer satisfied with just getting their desktops managed and servers supported.

Almost every industry has customer privacy and security compliance regulations – and clients are looking at us, their IT providers and business confidantes, to help them become and remain compliant.

So what do you need to know about compliance?

Target Your Vertical

First – determine what industry or vertical you will tackle, then dive into it.

In my experience, clients do not want a generalist firm that says "we provide HIPAA/HITECH/PCI-DSS/Sarbanes-Oxley/GLBA/SEC Cybersecurity/[insert acronym here] compliance." More and more, savvy buyers want MSPs that focus on their vertical.

Healthcare IT

If you’re tackling healthcare, you must deep-dive into:

  • HIPAA/HITECH
  • FTC Health Breach
  • State Records Retention
  • SEC Cybersecurity Guidance
  • State Privacy Laws

If medium-to-large retailers ($10M-$4B) are your targets, then a thorough understanding of PCI-DSS and State Privacy Breach Laws is required.

Related: Healthcare IT – The Next Big Thing for MSPs?

Financial IT

If you’re focusing on banking and finance, then make sure you understand compliance in:

  • GLBA
  • SOX-404
  • State Privacy Breach
  • FINRA regulations
  • PATRIOT ACT
  • FFIEC

For All Verticals…

Underpinning all these regulations, standards and statutes are 3 simple truths:

  1. Every regulation or standard requires good, tested, verifiable backups.
  2. Use of strong passwords and tested security configurations is a must.
  3. Encrypting data-in-motion and data-at-rest is a very, very good idea.

Related: Your Biggest Security Threat May Be Your Easiest Fix

As you start your journey towards becoming a compliance-oriented MSP, I can offer you a few resources for HIPAA/HITECH, PCI-DSS, SEC Cybersecurity and PRIVACY LAW compliance.

HIPAA/HITECH Compliance: Email me and request the

  • WHAT DO MSPS NEED TO KNOW ABOUT HIPAA/HITECH slides
  • HIPAA Compliance Checklist
  • Articles and newsletters regarding trends in HIPAA enforcement and compliance

Related: How to Add HIPAA Compliance to Your Service Offering

PCI-DSS and STATE PRIVACY LAW Compliance

  • Overview of the state privacy breach laws
  • Trends in Financial Crimes
  • Lessons Learned from Superstorm Sandy

SEC Cybersecurity Compliance

  • Overview of SEC Requirements
  • Trends in Financial Crimes
  • Lessons Learned from Superstorm Sandy
  • Challenges endemic to the financial sector

As always, if you have questions regarding security, privacy or compliance, feel free to contact me at raj@brainlink.com.

For more of my latest articles, blog posts, presentations and webinars, check out www.RajGoel.com

Reference: http://blog.continuum.net/what-msps-need-to-know-about-compliance-your-policy-checklist