What are the client benefits of a certified managed service provider?
The Unified Certification Standard (UCS) for Cloud & Managed Service Providers is a model of how an IT service organization should operate. The principles found in this model make it the best way for evaluating cloud and MSP companies.
An SSAE 16 Certification is a recognized auditing standard in the United States for service providers which demonstrates they have completed an in-depth audit of their control activities by an authorized outside third-party. It is accepted as the authoritative guideline for meeting various regulations across a wide range of industries.
This certification verifies that the Provider’s claims regarding their controls in hosting and IT infrastructure services, security practices, physical and logical facility access, environmental controls, data backups, customer service practices, and management policies are assessed to be operating sufficiently.
When a managed service provider embraces the UCS standard as a platform for their operation and uses them as the foundation for their SSAE 16 certification, it becomes an assurance for the client that their Provider is handling Client information technology in a Best of Class manner.
The direct benefits a client receives from a UCS/SSAE 16 Certified Provider is a third-party confirmation that:
- The services the Provider promises and delivers are carried out in a controlled fashion. Their controls have been verified to be fair, secure, and properly designed to meet their intended purpose,
- The Provider conducts its daily business in an accountable manner, and the Provider is financially stable
These third-party reports are:
- recognized independent assessments that the controls are operating effectively, and
- Available to the client for their use in complying with various regulating agency requirements (including Sarbanes-Oxley, HIPAA, among others).
Mainstream Technologies holds UCS/SSAE16 certifications which assure our clients that we have passed the most rigorous audit standards in the industry today to protect their information assets in the most secure manner possible.
The MSP Alliance is an International Association of Cloud & Managed Service Providers whose mission is to promote the Cloud Computing and Managed Services Industry. The MSP Alliance created the Unified Certification Standard (UCS) certification for the managed services industry. The UCS is based on 11 core principles (objectives) of how an IT service organization should operate and is the best model for evaluating cloud and MSP companies. Developed for MSPs by MSPs, it’s the longest-standing program of its type in existence today.
The UCS has been reviewed by governmental agencies and regulatory bodies across the world and has become broadly accepted in the banking, healthcare, and accounting industries.
The 11 principles of the UCS are:
- Organization, Governance, Planning and Risk Management
- Documented Policies and Procedures
- Service Change Management
- Event Management
- Logical Security
- Change Management
- Data Integrity
- Physical and Environmental Security
- Service Level Agreements
- Customer Reporting and Billing
- Financial Health
The SSAE 16 is the Reporting Audit on Controls at a Service Organization by the AICPA (American Institute of CPAs).
According to the AICPA, this examination confirms that “management’s description of the service organization’s system fairly presents the system that was designed and implemented throughout the specified period.
The controls related to the control objectives stated in management’s description of the service organization’s systems were suitably designed throughout the specified period.
When included in the scope of the engagement, the controls operated effectively to provide reasonable assurance that the control objectives stated in management’s description of the service organization’s systems were achieved throughout the specified period.”
For more, a more detailed description, refer to http://www.aicpa.org/research/standards/auditattest/pages/ssae.aspx
As with the UCS, the SSAE 16 is a confirmation that the services offered by the Provider meet a minimum set of standards. Achieving these certifications demonstrates the Provider’s commitment to helping their clients meet their business goals by fulfilling the regulatory obligations they are ultimately responsible for.
UCS/SSAE 16 Compliance:
- demonstrates the Provider’s commitment to a high-quality level of service,
- is inherently customer-focused, and by
- combining the two demonstrates a best practice for cloud and managed service providers, which
- will meet or exceed their clients’ information management needs…..as well or better than they can meet their own
Mainstream Technologies is SSAE 16 certified and was the first managed service provider worldwide to achieve their UCS certification. Our President, John Burgess currently serves on the MSP Alliance Board of Advisors.
The UCS/SSAE 16 certification reports provide our clients with transparency in our operational structure, internal processes, control activities, and financial stability in standardized reports that meet many regulatory obligations including Sarbanes Oxley and HIPAA.
Mainstream Technologies is one of the fastest-growing IT Services companies in the Mid-South, serving clients from its headquarters in Little Rock, AR. Mainstream is currently ranked #6 among privately-held Arkansas companies on the Inc. 5000 annual growth list. Our staff of 44 serves business customers across the nation with Managed Network Services, Custom Software Development Services, and Hosting.