What MSPs Need to Know about Compliance: Your IT Policy Checklist by Vertical

Raj Goel, CISSP
CTO Brainlink International, Inc.
raj@brainlink.com
917-685-7731

Raj’s LinkedIn profile


The IT Support/MSP game has changed. Clients are no longer satisfied with just getting their desktops managed and servers supported.

Almost every industry has customer privacy and security compliance regulations – and clients are looking at us, their IT providers and business confidantes, to help them become and remain compliant.

So what do you need to know about compliance?

Target Your Vertical

First – determine what industry or vertical you will tackle, then dive into it.

In my experience, clients do not want a generalist firm that says "we provide HIPAA / HITECH / PCI-DSS / Sarbanes-Oxley / GLBA / SEC Cybersecurity / [insert acronym here] compliance." More and more, savvy buyers want MSPs that focus on their vertical.

Healthcare IT

If you’re tackling healthcare, you must deep-dive into:

  • HIPAA/HITECH
  • FTC Health Breach
  • State Records Retention
  • SEC Cybersecurity Guidance
  • State Privacy Laws

Retail IT

If medium-to-large retailers ($10M-$4B) are your targets, then a thorough understanding of PCI-DSS and State Privacy Breach Laws is required.

Financial IT

If you’re focusing on banking and finance, then make sure you understand compliance in:

  • GLBA
  • SOX-404
  • State Privacy Breach
  • FINRA regulations
  • PATRIOT ACT
  • FFIEC

For All Verticals…

Underpinning all these regulations, standards and statutes are 3 simple truths:

  1. Every regulation or standard requires good, tested, verifiable backups.
  2. Use of strong passwords and tested security configurations is a must.
  3. Encrypting data in motion and data at rest is a very, very good idea.

As you start your journey towards becoming a compliance-oriented MSP, I can offer you a few resources for HIPAA/HITECH, PCI-DSS, SEC Cybersecurity and PRIVACY LAW compliance.

HIPAA/HITECH Compliance: Email me and request the

  • WHAT DO MSPS NEED TO KNOW ABOUT HIPAA/HITECH slides
  • HIPAA Compliance Checklist
  • Articles and newsletters regarding trends in HIPAA enforcement and compliance

PCI-DSS and STATE PRIVACY LAW Compliance

  • Overview of the state privacy breach laws
  • Trends in Financial Crimes
  • Lessons Learned from Superstorm Sandy

SEC Cybersecurity Compliance

  • Overview of SEC Requirements
  • Trends in Financial Crimes
  • Lessons Learned from Superstorm Sandy
  • Challenges endemic to the financial sector

As always, if you have questions regarding security, privacy or compliance, feel free to contact me at raj@brainlink.com.

For more of my latest articles, blog posts, presentations and webinars, check out www.RajGoel.com

http://blog.continuum.net/what-msps-need-to-know-about-compliance-your-policy-checklist
