The Schwartz
Cloud Report

Blog archive

MSPAlliance Releases New Audit Standards

The MSPAlliance has instituted a new certification standard for cloud and managed service providers that aims to provide more transparency to customers.

The MSPA's Unified Certification Standard, or UCS, provides an auditing framework by which MSPs and cloud providers can offer more public-facing information about how their operations are run and safeguarded.

"It will encourage MSPs to be more transparent with how they do things, especially the cloud providers," said Charles Weaver, president and co-founder of the MSPA, in an interview.

"Cloud providers need to have more openness in who has access to data, where do the datacenters reside, where is the helpdesk," he said. "Just basic things like that. They're historically not open with that information unless they are asked. Now they can do it in a much safer way."

The MSPA has arranged for the accounting and auditing firm of Frost PLLC to perform audits for members based on the UCS standard. The audits will gather information on various control objectives such as how duties are segregated by the service provider to ensure there are checks and balances, how data is encrypted and where data is stored.

UCS mimics a SAS 70 report, Weaver said. Level 1 UCS audits are based on information gathered during a fixed certification period by which a provider shares what controls are in place. Level 2 tests those controls over a period of time and are forward-looking, Weaver explained.

"So there will be a greater level of assurance to the end user in a Level 2 [audit] because that's basically saying, 'Not only were controls in place as of this date but they carried forth over a period of time and we examined and tested them over a period of time,'" he said.

Posted by Jeffrey Schwartz on March 30, 2011 at 11:58 AM


Featured

  • Microsoft Vows To Ease European Cloud Infrastructure Burden

    Microsoft announced new revamps to its Microsoft Cloud Solution Provider partner program to pacify European regulators.

  • Citrix HDX Option Coming to Windows 365 Subscribers

    Citrix's "high-definition user experience" (HDX) technologies will be available as an option for Windows 365 desktop-as-a-service users, according to a joint announcement by Microsoft and Citrix.

  • Ransomware Report: Don't Pay the Attackers

    According to a recent report, paying the ransom for an organization's hijacked data doesn't ensure return of the stolen data.

  • Veeam Adding Intelligence to Microsoft 365 Backup Solution

    Backup and recovery giant and major Microsoft partner Veeam unveiled a raft of new features to its solution portfolio at its VeeamON conference this week.