Weston Technology Solutions: A MSP Verify Audited IT Company
Less than 5% of the MSPs worldwide have obtained an MSP Verify (or equivalent) certification or audit. Weston is one of them.
Weston Technology Solutions is a managed IT company, more specifically referred to as a Managed Service Provider (MSP). Managed Service Providers (MSPs) are IT companies that focus on keeping your business technology and systems operating and optimized as well as provide tech support and services to your company and its people.
At Weston, we believe that accountability and transparency are important and part of our “Integrity” core value (ask anybody on our team, and they’ll tell you the rest of our core values). We continuously push ourselves to make measurable improvements in our on-going effort to better the lives of others (our clients, co-workers, and community).
Giving the keys to your business’ technology over to another company is sometimes a scary proposition, and we wanted to make sure you had confidence in knowing that we act the way an MSP should be acting. As part of this, our latest effort was to achieve the MSP Verify & Cyber Verify certifications by MSPAlliance®. Weston has achieved this certification. Read on or contact us for more on this MSP Audit and certification.
Need an Audited Tech Support Company?
What is MSP Verify and Cyber Verify?
Established in 2000, the International Association of Cloud & Managed Service Providers (MSPAlliance) is a globally recognized compliance association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. The MSPV was the first certification created specifically for the managed services and cloud industry.
The MSP Verify certification is for managed service providers, designed to provide assurance, generate trust, and communicate transparency to businesses shopping for managed IT services. Cyber Verify was specifically designed for outsourced service providers and the businesses they service. To give greater transparency and assurance when it comes to the cyber security practices of the service provider.
Every MSP Verify certification comes with a written report with the entire process documented, validated and signed by a third-party accounting firm (contact us if you’d like a copy of that report). The MSP Verify (MSPV) has been reviewed by governmental agencies and regulatory bodies across the globe and is used and accepted in five continents around the world.
As with any other substantive certification of this type, the MSPV certification must be renewed annually.
“The MSP Verify certification program strengthens our commitment to providing our clients with secure, consistent and well-documented managed IT services. Knowing that your IT partner is operating in a way that meets or exceeds industry standards is critical to business owners in today’s high-risk environment. This third-party audit is just one of the ways we do things at Weston that gives business owners peace of mind.”
Brock McFarlane — Founder and CEO, Weston Technology Solutions
What Does the Audit Look For?
There are ten control objectives of the Unified Certification Standard and underlying controls that constitute crucial building blocks of a successful managed services (and cloud computing) practice. Once the provider’s organization has completed all MSPV documentation on all applicable control objectives, the results are then examined by an independent third-party accounting firm for verification and signing of a public facing report.
A overview of the 10 control objectives the audit covers for the MSP Verify certification
Confidentiality, Privacy & Service Transparency
Ensures the IT company has the appropriate policies and procedures covering the protection and disclosure of client data.
- Location of controlled data (including external service provider managed data)
- Protecting the identity of applications used to provide services.
Ensures the IT company has corporate and organizational structures designed to:
- Maximize efficiency
- Minimize risk
- Provide appropriate accountability & oversight for the services delivered.
The IT organization has documented policies and procedures governing physical access and environmental security of the MSP’s assets. Additionally, the IT company has demonstrated it has appropriate physical security controls at each facility, including:
- Physical access controls
- Card keys
- Video surveillance
- Onsite security
- Visitor/guest logging
- and additional controls
Data & Device Management
Ensures appropriate policies and procedures to safeguard the integrity and availability of client’s managed data, and the MSP’s internal data in the event of:
- Natural disasters
- Cyber-attacks (including ransomware)
- user error or malfeasance
- Data backups
- Monitoring backups & handling any errors
- Data encryption
- Data recovery testing
- Data & Device life-cycle management
- Disaster & business continuity planning
Protects clients by ensuring the IT company has corporate and financial structures in place to ensure the company is sustainable & has sufficient safeguards in place to mitigate risks to operations.
- Financial reports proving operational sustainability
- Balanced revenue distribution across clients
- Adequate margins to ensure quality of service & sustainability
- Maintains applicable insurance
- Client & employee retention tracking
Billing and Reporting
Ensures the IT company accurately monitors service delivery, reporting, and invoicing for clients & follows Service Level Agreements (SLAs) signed by both parties.
Ensures the IT company has formally established change management policies and procedures, including appropriate levels of:
- Configuration changes for the client (and the MSP)
- Capacity planning
- Patch management
Ensures the IT organization implements the necessary controls to effectively govern access to:
- Managed data
- Systems that may compromise the security of the MSP or its clients.
Service Operations Management
This covers how the IT company will identify and respond to IT-related events that may impact services provided to their clients. This includes:
- Service desk operations specific to the MSP’s network operations center (“NOC”)
- Trouble ticketing systems
- Event management policies and procedures.
Policies and Procedures
Ensure the IT company has documented the policies and procedures necessary to:
- Maintain effective levels of service delivery
- Minimize deviations from the established policies and procedures
Interested In Learning More?
Could Weston’s managed IT services be right for your business? We focus on professional service companies, mostly in regulated industries where compliance and excellence in service matter. Supporting businesses with 20 to 250 employees, we serve our clients as either their entire IT department or in a hybrid arrangement where we offset an internal IT staff with our team and extensive resources and experience.