MSPAlliance Adds, Updates Certifications Focused on Cloud, Data Center, GDPR

The International Association of Cloud & Managed Service Providers (MSPAlliance) this week announced new certifications for the core Unified Certification Standard for Cloud & Managed Service Providers (UCS), in addition to annual enhancements to UCS. 

The latest update in the increasingly popular UCS, which the MSP Alliance developed about 10 years ago, reflects enhancements that target data breaches, as more countries adopt laws – such as GDPR in the European Union – that impose stiff penalties on companies that don’t adequately protect their customers’ information.

MSPAlliance’s Charles Weaver

“That covers a lot of people and we thought that the standard should reflect that, for service providers to be aware of and have some sort of policy as to how to react and respond to data breeches in their own facilities, or if they identify it for a customer,” Charles Weaver, CEO of the MSPAlliance, told Channel Futures. 

The new certifications expand the existing MSP/Cloud Verify portfolio, specifically targeting MSPs and distinguishing them from cloud providers. The reorganized menu of certifications is as follows: 

• MSP Verify for providers of managed IT services.
• Cloud Verify for providers of cloud-based applications, including SaaS and cloud-based infrastructure.
• SOC 1 Type 1 & Type 2, can be added to any MSP or Cloud Verify project.
• SOC 2 Type 1 & Type 2, also can be added to any MSP or Cloud Verify project.
• Data Center Verify for providers of data-center services.
• Business Continuity Verify, an independent testing service for MSP business -ontinuity operations.
• GDPR Verify, for service providers wanting to demonstrate compliance with GDPR. 

“The addition of these new offerings provides a powerful and comprehensive set of tools for service providers to demonstrate trust and transparency to their customers,” said Weaver. “The MSP/Cloud Verify program delivers an audit and certification report, verified by a third-party audit firm, covering a variety of topics, service disciplines and regulatory frameworks. Cloud and managed service providers now have a single source for their certification and audit needs.” 

He noted that the MSP Alliance is doing an increasing amount of business in SaaS certifications.

These would be cybersecurity SaaS platforms – they’re not truly an MSP – but they’re a software as a service, or a one-to-many software application that has a service and hosting component around it or supporting it,” he said. 

The new Data Center Verify offering is tailored to a data center or colocation facility that provides the housing, security and connectivity infrastructure to customers or other MSPs, but does not have a managed service offering. 

The new Business Continuity Verify entails the testing of a service providers continuity plan.

“Most MSPs, if they have a business continuity plan, don’t test it regularly because it’s hard to simulate shutting down an actual application or data center. So what we do is come in and create testing models, observe the tests being performed — and we report on it. The MSP can internally learn and improve but we’ve also been seeing the MSP take the results and report to a customer to demonstrate that they’re business-continuity resilient,” said Weaver. 

Introduced about a year ago, the uptake on GDPR Verify has been steady and growing. Overall interest in the MSP/Cloud Verify program has been flourishing.

“Every day there are new MSPs coming to us – MSP that we haven’t heard of – saying, we have a compliance need, we have a transparency need or legal need to demonstrate compliance for something. MSPs are facing a very new world where the demand for …