The Schwartz Cloud Report

Blog archive

MSPAlliance Releases New Audit Standards

The MSPAlliance has instituted a new certification standard for cloud and managed service providers that aims to provide more transparency to customers.

The MSPA's Unified Certification Standard, or UCS, provides an auditing framework by which MSPs and cloud providers can offer more public-facing information about how their operations are run and safeguarded.

"It will encourage MSPs to be more transparent with how they do things, especially the cloud providers," said Charles Weaver, president and co-founder of the MSPA, in an interview.

"Cloud providers need to have more openness in who has access to data, where do the datacenters reside, where is the helpdesk," he said. "Just basic things like that. They're historically not open with that information unless they are asked. Now they can do it in a much safer way."

The MSPA has arranged for the accounting and auditing firm of Frost PLLC to perform audits for members based on the UCS standard. The audits will gather information on various control objectives such as how duties are segregated by the service provider to ensure there are checks and balances, how data is encrypted and where data is stored.

UCS mimics a SAS 70 report, Weaver said. Level 1 UCS audits are based on information gathered during a fixed certification period by which a provider shares what controls are in place. Level 2 tests those controls over a period of time and are forward-looking, Weaver explained.

"So there will be a greater level of assurance to the end user in a Level 2 [audit] because that's basically saying, 'Not only were controls in place as of this date but they carried forth over a period of time and we examined and tested them over a period of time,'" he said.

Posted by Jeffrey Schwartz on 03/30/2011 at 1:14 PM


Featured

  • Secured-Core PCs Promise To Stop Malware at the Firmware Level

    Microsoft and its hardware partners recently described new "Secured-core" PCs, which add protections against firmware-based attacks.

  • How To Ransomware-Proof Your Backups: 4 Key Best Practices

    Backups are the only guaranteed way to save your data after a ransomware attack. Here's how to make sure your backup strategy has ransomware mitigation built right in.

  • Microsoft Buys Mover To Aid Microsoft 365 Shifts

    Microsoft announced on Monday that it bought Mover to help organizations migrate data and shift to using Microsoft 365 services.

  • Microsoft Explains Windows 7 Extended Security Updates Setup Process

    Microsoft this week described installation instructions for volume licensing users of Windows 7 Service Pack 1 to get Extended Security Updates (ESU) activated on PCs.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.