As Important As Finances
An MSP business comes with a lot of hidden red tape which can be deceptive. Chiefly, compliance becomes a primary issue. When discussed here, the term compliance refers to whether an MSP is in compliance with laws that govern best practices concerning technology or not. Security is a big concern and industries like healthcare have an increased onus to be in compliance with legal strictures in that regard. But if your MSP is providing IT services for a healthcare operation and they’re out of compliance, your MSP could be held liable for their negligence. You’re the expert, after all. Certainly, laws may differ from one state to another, but there are some national restrictions which will be the same across the board. The key to remaining in compliance is to understand legal necessity at the state level and the federal level.
The big problem is, your MSP business can’t do this just one time. You’ve got to be able to do it regularly, because what is and isn’t compliant will transition. You’re going to have situations where something that was perfectly legitimate only a few months ago is suddenly a huge issue. Especially as cloud computing and IoT (Internet of Things) become more prevalent in modern society, curtailing areas of weakness will be a key component in defining compliance; specifically, security weakness.
So look at it like an additional financial audit. You must audit financial dealings on a regular basis to ensure all taxes are paid and all practices properly reflect what is legally required. In the same way, you must audit tech operations to keep from having fines leveled against you and ensure restrictions aren’t imposed which keep your MSP from operating profitably. A tangential benefit of a technology audit may be finding areas in your operations which could stand to be refined. Several areas where it makes sense to conduct an internal tech audit include:
- Evaluating hardware for proper operation
- Analyzing networks to determine whether upgrades are necessary or not
- Determining security and effectiveness of information transfer between users
- Protocol evaluation to ensure proper deployment of operational requirements
It has been said that if something isn’t broken, there isn’t any use fixing it— this is and isn’t true. Certain technology needs no upgrade to remain usable, certain technology must be upgraded or it’s a security risk. It all depends on the level of integrity a given component has in the system. Running an internal audit can help you determine what systems must be changed out, and which can remain as they are. Often, the upgrade will add additional productivity to operations anyway. It’s generally good practice to conduct such evaluations every two to three years.
Your networks need to be monitored and analyzed in order to determine how necessary a given upgrade may or may not be. This is straightforward enough to say, but may require a bit of doing; especially if you have multiple networks which require analysis.
“Pen” is short for “penetration” in the term “pen-test,” and this may be the family of test necessary to determine the efficacy and security of inter-personal communication between users on your MSP’s networks. You need to act as a hostile to see how secure and effective such user communication is. And, like with hardware evaluation, you may find that a number of small upgrades represent a substantial contribution to the efficacy of your business’ operations.
Some protocols are anti-compliance. Some are designed to fulfill older compliance needs. You need to compare your protocols to those which are required in order to determine where your business is at and then apply changes as necessary. And again, this audit can be used as a means of streamlining operations by identifying and eliminating redundancies.
Think of internal audits like the kind of necessary periodic maintenance you do on the vehicles you use to keep them operational. Tires, windshields, wipers, and fluids must all be changed regularly in order to keep a vehicle road-worthy and operational. Your MSP business is, when you get down to it, very similar.