Any good MSP is going to want to check on how their clients are aligned to their own and industry best practices. Making sure that clients are compliant with things like HIPAA, NIST, PIPEDA, and GDPR means that the client is better prepared for different types of failures and nefarious events.
In the TruMethods model, a Technology Alignment Manager, aka a TAM, answers yes/no questions to make sure the client is compliant with whatever best practices (aka standards) that are being checked. The vCIO then goes through and evaluates how big of an issue the answers to those questions are. Our myITprocess software helps MSPs be more vigilant by not only having an innovative TAM process as a pillar function of the system, but by providing different benchmarks and templates to wh
ich MSPs can hold clients. But how do we use these most effectively?
First, it’s important to understand the difference in our system between the Standards Library and the Client Template. The Standards library is where all of your standards are going to live, no matter if one client or one hundred clients need that particular standard. When a user selects the specific client from their list in the Standards Library, they will be taken to the individual client page of standards that are specific to that particular entity. myITprocess users are able to take subsets of their library as a whole and apply them to individual companies; after all, a small bakery is not going to need HIPAA standards like a dental office will. There is no reason for a non-medical client to need medical vendor benchmarks, and myITprocess enables users to have that flexibility through including and excluding sections and categories as needed.
Now that we know generally what we want to check for a client, how do we go about figuring out what to do first? It’s all about priorities; if everything is important, then nothing is important. Many of our members right now are focusing on Security as well as remote business continuity, as both of these sections are critical for people being able to work from home right now. There are other MSPs that are finding it easier to check things like core infrastructure, because when they go on site there’s no one else in the building, so it’s easy to get that type of review completed. In general, we recommend MSPs go through their entire standards template for a particular client within a calendar year so that everything is checked at least once every 12 months.
What about going on site? While every locale has different rules and comfort levels, myITprocess is still set up currently to do the entire TAM process from the safety of your office. One of the first things our Standards Manager did at the beginning of the pandemic was make two templates that can be completed 100 percent remotely, and they are available to all myITprocess members through myITemplates.
What about completing reviews? There are two big pieces of advice the MSA team gives when it comes to doing a TAM review (which some members may call an engineer review or an audit). One, do small reviews. A small review that is completed is so much more valuable to everyone involved than a large review that is completed in 6 months, or never completed at all. Especially if an MSP is at the beginning of their myITprocess usage lifetime, reviews of 100 questions or less are most optimal. The second piece of advice is to make a schedule for reviews, and then stick to it as much as humanly possible. Let’s say someone is half time on the support desk and half time on TAM. Every Tuesday they always work on their TAM reviews, but this particular Tuesday someone’s firewall goes down and it causes a giant mess of tickets. Do you take the TAM off their review to go work on those tickets? No!! The TAM process is absolutely vital to the TruMethods model of Technology Success, as they are the first people to really see the details of the client and gather information.
Sometimes the tech team will feel like they’re going through the same questions, getting the same answers, but tickets are creeping back up. What does this mean? While there are a few things that could indicate such an issue, it definitely sounds like the Standards Library needs to be revamped. The questions we ask should address the problems that are arising as frequently as possible. TruMethods recommends having a Standards Committee meeting on some kind of regular interval, and it usually ends up being once a month. A member of management, a member from the support team, and a TAM and/or vCIO are all good people to have on the committee, as they all have different perspectives on how the template should change. Best practices and new threats are evolving all the time, so we need to evolve with them. The committee meeting and updating standards regularly ensures that the list is doing its job through the review process and keeping your tickets down.
While there are many ways to approach the Standards Library, at the end of the day every MSP needs to keep clients aligned with best practices. We’ve seen members with 120 question libraries, and members with 1200 question libraries and both can be successful. As long as a disciplined schedule is kept and work expectations are manageable, every MSP can have a useful and impactful set of standards. Our Standards Manager Brian Dappolone has just launched a new template on jumpstarting your MSP cybersecurity!
