Data Retention Plus Corporate Compliance Equals MSP Revenues
Most businesses don’t specifically seek out an online backup solution. I’m sure you’re wondering why I would state that outright as an employee of a company that partners with MSPs to offer this type of solution to their clients. The truth is that the solution providers that are most successful at selling online backup services do so with a great emphasis on their client needs, starting with the challenges they face related to their industry and markets. Federal, state and local regulations continue to be a concern for businesses of all sizes, but they affect the SMB segment hardest, since smaller businesses have fewer resources available to monitor and manage them. That’s an area where MSPs can flourish with the right knowledge and approach.
In addition to the myriad of state and local data retention laws, as well as industry-specific guidelines, there are three regulations that cause the most grief for the business community. While solution providers’ current clients may not have to comply with all of these rules, an MSP should understand the implications of each if prospecting new opportunities that may be impacted by these Federal mandates. In addition, one of your customers may acquire an organization or create a new division that must comply with one or more of these regulations. In other words, if your company expects to expand into new vertical markets or regions, you’re likely going to have to be knowledgeable in one of these three rules.
The Right Medicine
Healthcare technology is a thriving segment of the IT channel, most likely a direct result of the Federal stimulus program to implement EMR (electronic medical records). But before you set about building a new practice targeting physicians’ offices and clinics, you’d better brush up on HIPAA (Health Insurance Portability and Accountability Act of 1997). This legislation includes guidelines for the secure storage of patient health information and contingency planning objectives for disaster recovery, data storage and emergency operations procedures.
For example, one goal of HIPAA is to ensure the availability of patient information to authorized personnel at all times, with no exception. Even in the event of a fire, natural disaster or system failure, medical facilities must have access to medical records and files. HIPAA provisions also require organizations to maintain a system that can back up real-time data on a continuous basis.
Recommending a data backup system that retains and archives their information is one of the first steps in helping your clients meet the healthcare standard. Encryption of their patient data files and quick information restoration (even in the event of a complete system failure or data loss) are other features that address needs for clients covered by HIPAA.
The GLBA (Gramm-Leach-Bliley Act) requires financial institutions to protect the confidentiality and integrity of personal consumer information. That means banks, security firms and insurance companies are responsible for the security of their customers’ data, whether it’s in their onsite systems or in an offsite location. Experienced compliance consultants illustrate how both systems can be configured to prevent data breaches, including the use of encryption and electronic security measures.
The final piece of the compliance trifecta is the Sarbanes-Oxley Act (SOX), which regulates publicly-held companies of all sizes to ensure proper governance and financial reporting. The regulation provides set guidelines for data and message retention, timely record retrieval and the implementation of retention policies. Penalties for non-compliance can be substantial, including fines and up to 20 years’ imprisonment for those obstructing, impeding or influencing a legal investigation.
Data Retention Plan
The specific data storage requirements for any of these regulations shouldn’t be overwhelming for an MSP to comprehend and implement, but a commitment to procedures is needed to ensure success. After discussing regulatory needs with your customers, the next step is to construct a data retention and security plan, followed by implementation of a solution. The final step may prove the most challenging: ensuring that your technicians and your client’s employees understand the procedures put in place, and what their role is in the process.
With a thorough understanding of compliance, an MSP/consultant can confidently tackle new markets and exponentially increase the value of services offered. This expertise not only gives you a leg up on your competitors, but allows you to engage clients on additional projects and services that can grow your revenue significantly.