Cyber Constitution
What is a “Cyber Constitution”?

Bottom line, it is an agreement that, in addition to a well-written Master Service Agreement (MSA), gives Managed Service Providers/Managed Security Service Providers (MSP/MSSP) the ability to work with customers who have a low cyber security maturity level. We all know that there is risk in everything we do. The challenge has always been for the risk to stay associated with the “risky” party in an agreement. Would it take the place of an MSA? No, of course not. But what it can do, for those parties that desire it, is allow you to have a strategic relationship with a customer that has a low cyber security maturity. The document makes clear who is responsible for what. It also makes clear that the customer is responsible for a commitment of time and budget to improve.

Let’s face it, if we do not help companies with low cyber security maturity, then who will? We have all witnessed the legislative movements attempting to assign additional responsibilities to an MSP/MSSP for customers’ failures in taking responsibility for their operations. We have to turn that perspective around. People who own, operate and manage their companies are responsible for their wellbeing. We as providers are responsible for educating customers to a reasonable level, presenting them with their options and, once purchased, delivering and supporting those products and services in a professional manner. But make no mistake, there is no universe where cyber threats are non-existent and incidents will not happen.

This document is an attempt to mitigate as much risk as possible. Use it as you see fit within the open licensing agreement provided. We hope this helps and, by all means, send us feedback on improvements from which you feel we could all benefit.

So why have a “Cyber Constitution”?

1. To establish the strategic nature of a partnership between a Managed Service Provider/Managed Security Service Provider and a customer who still has cybersecurity risk associated with the operation of their company and who, by extension, can pose a risk to a service provider.
2. To allow a service provider to work with customers that need to improve their overall cyber security posture without taking on risk that the service provider has had no authority over or responsibility for as a part of the services provided.
3. To document a commitment on the customer’s part to planning, budgeting, and maturing their cyber security posture, thereby owning the risk of their existing circumstances.

About the authors

Bob Miller – Chief Operating Officer of Global Data Systems
• Degree in Computer Science & Mathematics
• Software Developer & Network Engineer
• 30 years in high technology industries
• ISP, CLEC, Aerospace, On-Demand Logistics, MSP, MSSP
• Patented Inventor (Satellite Safety Device SPOT Technology)
• Eight Startups, M&As, Turnarounds
• Innovation Engineering Belt Holder
• C-Level positions for 20 years
• https://www.linkedin.com/in/robertdmiller/

Eric Tilds – Founder and Managing Member of The Law Office of Eric Tilds
• IT attorney with 25 years of experience representing IT companies.
• Nine years as EVP, General Counsel, Chief Risk Officer, and head of Info Security and Compliance for Logicalis.
• Co-Founder of Netarx, a Cisco Gold Systems Integrator and MSP, exited to Logicalis after growing from 3 to 250 employees.
• https://www.linkedin.com/in/eric-tilds-5148552
Copyright © Bob Miller, Eric Tilds 2024. All rights reserved.
By MSP/MSSPs for MSP/MSSPs