I really enjoy your videos and interactions in live streams. I work for a pension plan for a City and we are looking to hire a new Managed Service Provider due to our current service provider not being able to provide appropriate written documentation of the standards under which they conduct their business. Our primary issue is our office size: we are a three-person office. Having the additional requirements that a governmental entity has means that it is not cost-effective for our provider to provide what we would like.
I’m wondering if there is some boilerplate language that indicates the scope of the services provided by an MSP as well as the standards under which they operate. We don’t really want or need details. I don’t even know what would be appropriate in such a document.
The vast majority of our current MSP’s clients do not have the potential liability that would arise if the personal data of our 6,000 participants and retirees were to be compromised.
I’m actually asking a few questions. The first one is where I might get information about things like credentialing, licensure, and qualification standards for the people that work for an MSP.
Secondly, I’m wondering if there exists an organization or general industry guidelines that provide information on best practices with respect to IT, security, mitigation and prevention.
Thirdly, I’m wondering what your personal opinion is on what those best practices should be.
Finally, I’m wondering what other forum members think about such things, or if they have documentation that they use that they’d be willing to share.
We are using Azure / Office 365 for our identity management with SSO for tooling that we use that supports it. Not sure what you are looking for in terms of licencing.
The IT / MSP industry does not have a universal standard for the organization, but CompTIA is working on that with their Trustmark program.
For security we have frameworks both the IT / MSP provider and clients can align to, which is CIS.