MSP and SAS 70 Certifications Gain Momentum
What’s the difference between managed services accreditation and certification? The former is for companies, the latter is for individuals — and soon the MSPAlliance will offer both options for managed service providers. Meanwhile, numerous data center providers are completing SAS 70 audits as well.
The MSPAlliance plans to launch the Managed Services Professional Certificate during the associations’ MSPWorld conference in Orlando on April 30. (The MSPAlliance already offers an accreditation program.)
Early advocates of the new certification effort include Data Device CEO Jim Swoyer and The Utility Company CEO Mark Scott. In a prepared statement, Scott said:
“The Managed Services designation will be available to individuals who wish to demonstrate high levels of professionalism and accountability in their careers. By focusing on the individual certification we now will be able to effectively communicate trust and professionalism to the end-user community.”
Over the long haul, I expect more MSP-type certifications and accreditations to emerge from associations (such as CompTIA) as well as vendors. Juniper, for instance, recently launched a managed services track for the networking company’s partner program.
SAS 70 Audits
Meanwhile, numerous MSPs are completing SAS 70 audits in order to provide customers additional peace of mind.
In the past 48 hours I’ve heard about SAS 70 initiatives from Online Tech First (a managed data center operator in Michigan) and Consonus Technologies of Utah. According to Consonus:
“Successful completion of the SAS 70 audit confirms the reliability, security, availability, and processing integrity of the IT services Consonus offers through its world-class data centers.”
The SAS 70 audit, or Statement on Auditing Standards (“SAS”) No. 70, was developed by the American Institute of Certified Public Accountants (AICPA) as a means of auditing and reporting the effectiveness of operations and controls of a service provider, according to Online Tech First.
I’m not in a position to endorse any particular certification, accreditation or audit approach. But there’s no denying the need for customers to have an easy way to find trustworthy, reputable MSPs.
MSPmentor is updated multiple times daily. Don’t miss a single post. Subscribe to our Enewsletter, RSS and Twitter feeds.
Any idea what the cost of a SAS 70 audit is for MSPs, I’m assuming it depends on your size of the organization?
Craig: Great question and I must concede — I don’t have the answer. But I’ll try to track it down (if a reader doesn’t beat me to it…). Stay tuned.
The grapevine says CompTIA and MSP Partners are working on something in the accreditation market. Stay tuned for details to emerge within hours or days.
Joe-
We recently completed our SAS 70 Type II certification and immediately saw benefit both internally and externally. The period between our Type I and Type II certifications allowed us to really tighten our process and insure our controls were solid for delivery of our services. As our managed and datacenter services continue to converge, these controls are in use in all areas of service and support.
We conducted an email blast to our clients announcing our SAS 70 Type II and received immediate feedback from our clients. The best response was from those in our datacenter today. Many told us that we made it easy to meet their individual compliance requirements through our certification. Additionally, we got about a dozen face to face meetings to explore our managed services in depth.
I am interested to see if a successful SAS 70 might fulfill some of the requirements of the MSP Service Provider Accreditation from MSP Alliance.
Brian
http://www.fandotech.com
Craig @1: Answering your question. I spoke with an MSPmentor 100 survey participant. He said his company spent about (US)$7,000 on its original Type I certification and about (US)$22,000 on our Type II in audit and accounting costs.
He noted that you do not necessarily need to do the Type I, but it gave his company some time to bridge the gap with some customers to successful Type II certification.
Also, he said you should expect some significant labor hours of your own in putting together your process and then providing the reports for audit. During the final 2 months of preparation, his staff put in about 60 hours dedicated strictly to that task.
Please note: I am not a SAS 70 expert and the info above is from one MSP. I’m sure anecdotal information will vary from MSP to MSP.
Craig, Joe, got some additional inputfor you, SAS 70 Type 1, we were quoted ~$35k for the type 1, included a pre audit (“quick” overview to see if there are gaping holes in our processes). As previously stated, and from our own experience; What we paid for the audit would have been the least expensive part, the processes and regulations we created and enforced over the past two years were much more expensive. As far as how a SAS 70 certification helps the clients: we deal with some regulated customers, Thus far, a lack of a sas 70 hasn’t hurt us. Be aware, there are alternatives to a sas 70. Remeber, the goal from the auditors perspective is that a third party has confirmed that you do what you say that you do, that you are financially viable and that you follow some accepted best practices in areas like change management, documentation, meeting service levels, that what your contract says is actually what you deliver, etc… SAS 70 is pretty much the standard, but who is to say that is any better than the MSP Alliance, or CompTIA, or even the audits that we have performed for clients that included how their MSP’s are meeting what we consider to be best practices of an MSP in their service delivery? I would like to know where they got a sas 70 type one audit for $7k, that is by far the best price i’ve heard. Part of our decision process, and we are struglling with it even today is this: Is the additional expense of the compliance requirements worth it to the clients? SOme you will certaily answer yes for, but others… hard to say, and can you pass on the costs to them if they don’t realize the value?