[12 DAYS OF PASSWORDS] Managed Service Providers (MSPs) serve a variety of clients across a variety of industries. As an MSP, it is important to know your network well in order to adhere to strict compliance regulations, or face serious consequences such as a data breach or an expensive fine. Beyond the industry regulations below, other standards bodies whose frameworks you may need to follow include the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Data protection is a main concern today, and many MSPs will have to comply with multiple regulations at once. Learn four common industry standards MSPs need to be aware of and how to comply with them.
Four common compliance standards:
HIPAA - Healthcare
HIPAA, along with the HITECH Act, is actively being audited in health organizations to ensure compliance. Adhering to it is critical for MSPs who serve this industry. Electronic Protected Health Information (ePHI) must be controlled, and access to it authorized, in accordance with these regulations whether the data is in use or in storage.
PCI-DSS – Retail/Consumer
The Payment Card Industry Data Security Standard (PCI DSS) is a regulation that sets requirements for merchants and acquirers to protect cardholder data. PCI DSS has twelve domains covering a wide range of security requirements, designed to protect cardholder data from the moment it is stored through to its destruction.
Sarbanes-Oxley Act (aka SOX) - Finance
Sarbanes-Oxley (SOX) is an American government act from 2002 that applied to all financial organizations, requiring them to identify internal controls over financial data and to implement privileged access management for such records.
GDPR (EU) – General Data Protection
The EU GDPR (General Data Protection Regulation) is the most recent privacy regulation to come into force in the European Union. It draws attention to the collection of personal information and to the activities taking place on the internet and on websites. We now see this approach being implemented in North America as well.
MSP Quick Tip Takeaway...
- If your MSP manages clients in any of the above industries, implement a SOC 2 certified privileged access management and documentation solution, also known as "Privileged Client Knowledge Management", that adheres to all the necessary requirements so you and your clients are properly protected.
- Such a solution provides secure access to accounts and IT documents, allowing the right people to obtain the right information quickly.