October 23, 2018 by Siobhan Climer
“Best-in-class”, “enterprise-quality”, “trusted advisor”, and more. Managed services providers – Mindsight included – tout the quality and skill of their teams all the time. But how can you cut through the noise to quantify value?
Certifications offer one solution. Words matter, certainly. So, too, does action. When looking to choose a managed services provider, consider whether they have done the work to prove their value.
The Big One: SSAE18
Formerly known as the SSAE16 – and before that, the SAS70 – the Statement on Standards for Attestation Engagements (SSAE18) formalizes the audit process of the American Institute of Certified Public Accountants (AICPA). And it’s not enough to say a company is SSAE “compliant”; “certified” is what counts.
The SSAE 18 Audit Report identifies whether the service organization meets the best practice standards of the industry. It ensures that companies are monitoring all third-party vendors. This means that when a client partners with an SSAE 18 AICPA certified organization, the third-party vendor risk analysis has already been performed. A managed services provider should provide you with an auditor’s letter to prove certification.
The audit covers seven main areas of an organization’s structure:
Risk Assessment – Assessment of service organization controls and identification of all associated subservice organizations.
Output Reports – Examination of protocols relating to all external communications, including financial reports and client communications.
Periodic Subservice Meetings – Analysis of service organizations’ communications with subservice organizations.
Regular Subservice Site Visits – Analysis of service organizations’ external site visits to confirm subservice organization claims.
Test Subservice Controls – Verification of subservice organization controls through regular testing.
Subservice Organization Document Reviews – Analysis of all subservice organization SOC 1 or SOC 2 reports.
Monitor Subservice External Communications – Analysis of subservice organizations’ external communications, from financial reports to customer complaints.
In addition, some organizations use the less common, but equally worthy ISO2700x certification. Read more about Mindsight’s recent successful AICPA SSAE18 Certification process below.
Deployment Specializations, Industry Compliance, And Partnerships
Depending on your specific needs, you will want to choose a managed services provider that is experienced in the cloud, the data center, and hybrid solutions. In the first few conversations with possible managed services providers, ensure your business goals remain front and center, and that the vendor can provide support for those goals. If you are seeking support for a complex enterprise-level network infrastructure, you need the vendor to have CCIE (Cisco Certified Internetwork Expert) certified engineers on the team. Be specific and find out if the provider can truly meet your needs.
In addition, your industry may have other regulatory compliance needs. HIPAA, FERPA, PCI DSS, SOX, and ITILv3 are just a few of the industry-specific regulations that may apply to you. As you choose a managed service provider, make sure they have experience and knowledge around these compliance needs. Mindsight’s work in healthcare, education, financial services, and manufacturing has given us multiple opportunities to demonstrate our experience with these compliance standards.
When you choose a managed services provider, it is also important to ensure the provider is experienced with the vendors you require. For example, if your network uses all Cisco hardware, you need a managed services provider who is a Cisco Partner. If your staff rely on Microsoft products, you need a vendor that partners with Microsoft. This ensures the engineers are knowledgeable regarding the hardware and support is readily available from the vendor.
To see a complete listing of Mindsight’s partnerships, visit the Our Partners page.
How To Choose A Managed Services Provider
“Mindsight is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire.”
We mean that. But we also recognize that saying it isn’t enough. Any organization seeking to choose a managed services provider should demand not only excellence, relevance, and integrity, but proof. Certifications – like the SSAE18 – provide that demonstration, making the vetting process easier.
Through the certification process, Mindsight demonstrates that when we claim we have “highly-certified engineers” and are one of the largest “expert-level engineering teams in Chicago”, we mean it.
Mindsight, a Chicago IT consultancy and services provider, offers thoughtfully-crafted and thoroughly-vetted perspectives to our clients’ toughest technology challenges. Our recommendations come from our experienced and talented team of highly certified engineers and are based on a solid understanding of our clients’ unique business and technology challenges.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year-old daughters. Find her on Twitter @techtalksio.