Avoiding IT Standards Overload

MSPs that use standards have seen lower ticket counts and less reactive work, and have more time to focus on strategic relationships with clients. myITprocess provides MSPs with a centralized platform to manage their clients’ technologies and develop and maintain a library of technical and compliance standards.

TruMethods also provides robust Standards Library templates in our myITprocess software. This may seem overwhelming at first, but let’s break this down. Statutory, regulatory, and contractual compliance is no easy task; there are many requirements necessary for alignment. Examples like NIST 800-171, HIPAA, and CIS Controls 7.1 contain an overwhelming number of questions and categories. At times, it can feel like drinking from a firehose; it is almost unrealistic to implement and enforce everything required by these agencies.

Disillusionment can occur when our TruMethods members request standards templates for myITprocess. Some are dismayed at the number of questions and the lack of How-To information included. The templates are often cited as unrealistic or time-consuming for a Technology Alignment Manager (Net Admin) to complete in a single visit. These are valid responses to this amount of information, and I want to clear up some confusion.

  1. Unless otherwise noted, all compliance templates are verbatim from their sources. TruMethods made the decision not to interpret any information from the source material into these templates. We do not want to define how a member should achieve compliance. We feel it is up to the member to perform proper due diligence and make their own interpretation of the requirements.
  2. The templates do not prevent a member from performing the work. Compliance is case by case—as mentioned above—and the How-To and Why are we Asking fields are often intentionally blank. This prevents TruMethods from determining the outcome of the question for its members.
  3. Completing the requirements may require multiple visits or a separate project. I have received ample feedback about compliance standards being impossible to complete during a standard TAM visit. That’s OK! This presents the option for two different opportunities: Add it to AISP (All-in Seat Price) or charge as NRR.
    • If your organization specializes in a particular industry (healthcare, legal, financial), rolling ongoing assessments into your AISP is probably worthwhile since compliance is not a ‘one and done’ effort. Adding the cost of ongoing compliance to AISP may make the most sense.
    • If you perform a compliance audit as a one-off project, it will add to your NRR. Depending on the frequency of compliance assessments for customers, these provide the perfect NRR opportunity for almost any customer.
  4. Never feel obligated to use a template or benchmark in its entirety. You can use the questions and categories to build your own custom audit depending on the needs of your customers. Take these questions piecemeal, use what you need, and discard the rest. Or use all of them, whatever helps you meet the goals set forth as an organization.

Everyone has the best intentions when performing onsite assessments. Reducing the number of questions to a manageable level prevents ‘analysis paralysis’, allowing you to concentrate on those that matter most to the customer.
