MSP Verify “gold standard” updated to reflect closer alignment to CMMC (NIST 800-171) and ISO 27001 controls

Chapel Hill, NC – May 20, 2021 – The International Association of Cloud & Managed Service Providers (MSPAlliance®) announced the newest release of its Unified Certification Standard (UCS) for Cloud & Managed Service Providers. UCS v.21 adds more detail around existing Cybersecurity coverage within the standard, including further mapping to frameworks such as CMMC and ISO 27001. 

The UCS was created in 2004 and is the only purpose-built MSP standard developed by MSPs. The UCS undergoes regular reviews to maintain its relevance within the professional managed services community. Comprised of 10 objectives, the UCS provides a comprehensive evaluation of and benchmark for practicing managed service providers. 

“UCS v.21 represents a significant enhancement of our standard,” said CHarles Weaver, co-founder of MSPAlliance. “As our global community of MSPs must increasingly comply with frameworks such as CMMC and ISO 27001, this update to the UCS allows those providers going through the MSP Verify process to more easily identify and onboard the controls necessary to demonstrate such compliance.”

The UCS currently covers ten objectives or topical areas relevant to practicing MSPs: 

• UCS Objective 1 – Governance
• UCS Objective 2 – Policies & Procedures
• UCS Objective 3 – Confidentiality, Privacy and Service Transparency
• UCS Objective 4 – Change Management 
• UCS Objective 5 – Service Operations Management
• UCS Objective 6 – Information Security
• UCS Objective 7 – Data and Device Management 
• UCS Objective 8 – Physical Security
• UCS Objective 9 – Billing and Reporting
• UCS Objective 10 – Corporate Health

MSP Verify Certification Offerings

MSPAlliance currently offers the following certifications: 

• MSP Verify – for providers of managed IT services
• Cloud Verify – for providers of cloud-based applications, including Software as a Service and cloud-based infrastructure
• SOC 1 Type 1 & Type 2 – can be added to any MSP or Cloud Verify project
• SOC 2 Type 1 & Type 2 – can be added to any MSP or Cloud Verify project
• Data Center Verify – for providers of data center services
• Business Continuity Verify – an independent verification of MSP business continuity operations
• GDPR Verify – for service providers wanting to demonstrate compliance with GDPR 
• ISO 27001

All MSPAlliance certifications include consultative gap analysis, remediation assistance, and an independent auditor review with a signed, comprehensive audit report. Further, providers who participate in the certification process can participate in peer-group-style meetings with other MSP Verify companies. 

Less than 3% of the MSPs worldwide possess an MSP Verify (or equivalent) certification or audit. Those MSPs with the MSP Verify service both SMB, mid-market, and enterprise clients, including organizations across many vertical markets, including financial services, banking, healthcare, education, legal, government, and more.