I recently read an article (in a CIO magazine of all places) posing the question whether MSPs should be offering CIO services to their managed customers. At first glance, you may ask ‘why wouldn’t a MSP offer CIO services to their customers’? CIO (or sometimes called virtual CIO) offerings deliver valuable consulting and advisory services to customers who need that high level IT strategy advice, chiefly because they do not have anyone on staff to fulfill that role. MSPs are frequently in good positions to offer these services to their customers.

But, are there any scenarios where the MSP should not deliver a CIO type of service to the customer? Let’s examine two common situations where a virtual CIO service being offered by a MSP might be problematic.

Segregation of Duties

What is segregation of duties? According to Wikipedia, segregation of duties “is the concept of having more than one person required to complete a task.” For those of you not familiar with this concept within the context of managed services, segregation of duties is the concept of separating the responsibilities of a particular control or process, and having more than one person participate in the delivery of that control or process. The reason for this is to prevent fraud or error by having a single person being responsible for the control or process.

The principle of segregation of duties is important for MSPs and is even embedded within the MSP/Cloud Verify program, to prevent intentional or unintentional actions by MSPs which could damage networks and systems, both internal and customer. Having a MSP perform managed and cloud services as well as serve as the CIO could be problematic if the appropriate controls are not in place.

MSP Expertise

If the customer is in a specialized field, it goes without saying that any MSP not possessing that domain level business expertise may not be capable of delivering true CIO services. However, this is different from a MSP operating in a specialized field and providing IT guidance, even without knowledge of the customer’s field.

For example, there are quite a few medical providers who are experts at delivering medical services but completely ignorant about IT. In this scenario, the MSP acting as CIO would be appropriate, provided they a) understood enough about the medical field and b) had the appropriate controls in place to deliver both consulting and managed services.

CIO or consulting services are highly desired by managed services customers. I also understand the need for segregation of duties and relevant domain level expertise as pre-requisites for delivering these solutions. Should we have a blanket rule that says MSPs cannot/should not also deliver CIO services? Probably not. Should MSPs be aware of possible conflict of interest and other risks when delivering CIO solutions? Absolutely.


Tags : CIO,cloud,managed services,MSP/Cloud Verify,MSPs

Post A Comment

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

    Contact us


    100 Europa Drive, Suite 569 | Chapel Hill, NC 27517





    Sign Up For Our Newsletter

    Select list(s) to subscribe to

    By submitting this form, you are consenting to receive marketing emails from: MSPAlliance, 100 Europa Drive, Chapel Hill, NC, 27517, https://www.mspalliance.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact