Compliance Matters
How The 20 is Leading the Regulatory Charge
The importance of regulatory compliance for managed service providers (MSPs) has skyrocketed in recent years. In the early days of the managed IT services industry, an MSP’s primary role was that of technical caretaker; we keep your systems running smoothly with an eye to boosting your operational efficiency. Simple enough.
But the rise of cyberattacks – and their subsequent evolution into a pervasive existential threat for businesses of all sizes – led to an explosion of new standards and increasing regulatory complexity. First came the Sarbanes-Oxley Act in 2002, and following quickly on its heels were PCI DSS (2004) and the Gramm-Leach-Bliley Act (2005). More recently, SOC 2, GDRP, and CCPA have emerged as crucial compliance frameworks.
To put this in perspective, if the U.S. regulatory industry were a country, it would be the world’s eighth-largest economy!
One consequence of the ‘regulation revolution’ was the rapid expansion of the role of MSPs to encompass compliance management, a responsibility that requires a thorough understanding of the security landscape, industry-specific regulatory requirements, and risk management more broadly.
This has been nothing short of a paradigm shift; some MSPs have been left behind, while others have adapted with gusto.
Here at The 20, we’re proud to say that we firmly belong to the latter category. We are ‘all in’ on compliance and it’s for one very simple reason:
Compliance and security go hand-in-hand (learn more).
Security requires compliance and compliance requires security, which is why we’ve kept our nose to the grindstone on the regulatory front, achieving significant compliance milestones for The 20, while helping our MSP members and their end clients in their efforts to remain compliant and secure.
Let’s take a look at where The 20 is in its compliance journey – as well as what’s ahead on the regulatory front.
The 20 is SOC 2 Compliant!
To begin, we want to share a major milestone our organization recently reached – The 20 is now SOC 2 Type II compliant!
After completing a stringent 3rd-party audit, we received a resoundingly positive report and unqualified opinion. Translation: we now have robust 3rd-party validation that our security processes and controls all meet or surpass standards established by the American Institute of Certified Public Accountants (AICPA).
This is a big deal, as very few MSPs are SOC 2 Type II compliant (< 5% according to several sources). More importantly, this attestation reinforces our pledge to clients (and prospective clients):
Your data isn’t just a priority; it’s a sacred trust.
Read the full press release for more details on our SOC 2 Type II compliance.
Why Compliance Matters
Compliance has a lot of ‘strategic value.’ It demonstrates operational maturity and can provide a competitive edge. We mentioned how a robust compliance posture can help an MSP win clients in industries where data protection is paramount. Simply put, regulatory prowess is a powerful differentiator. But these considerations are secondary to the one undeniable reason why compliance matters:
Compliance matters because security matters. It’s really that simple.
But can’t organizations secure their systems without jumping through regulatory hoops?
In theory, yes. But in practice? Let’s just say there’s a reason even the most experienced airline pilots must meticulously go through checklists before taking off. Could most pilots perform the necessary tasks without the checklist, relying on memory alone? Sure. But the operative word here is probably. When the stakes are as high as the safety of several hundred passengers, ‘probably’ just doesn’t cut it.
And you’d better believe the stakes are sky-high when it comes to protecting data and preventing it from falling into the wrong hands. Cyberattacks are extremely costly, and data shows that they’re only getting costlier; last year the average cost of a data breach ($4.45M) reached an all-time high. Moreover, we’re not talking about individual pilots here, but entire organizations. Compliance frameworks help leadership ensure that best practices and robust controls are being used across the board.
Bottom line – unless there is a dramatic shift in the threat landscape, regulatory requirements are only getting more complex and demanding. The time for your MSP to start proactively developing a sophisticated compliance program was yesterday.
Cool Links
Are you a business looking to partner with an MSP with compliance expertise?
Check out The 20 MSP or schedule a call.
Are you an MSP struggling with compliance, or simply looking for help streamlining and automating compliance management?
Check out The 20 MSP Group or schedule a call.
Thanks for reading!