Episode Description
Shared responsibility gets ugly when the client wants compliance, but not ownership. This week's episode is about keeping MSPs out of the unpaid compliance department trap.
We answer:
- A medical client's cyber insurer wants annual security policies, but the doctors want the front desk to handle it. What now?
- How should an MSP separate recurring compliance help from client-owned decisions and project work?
Takeaways:
- A front desk person can help gather answers, but policy authority needs an executive sponsor or true practice manager.
- MSPs can review vendor risk and explain options, but the client has to own the risk.
- Executives who carve themselves out of MFA, training, or policy rules are teaching the whole company what actually matters.
- Recurring compliance services need clear scope, with sprint work and emergency evidence collection treated as projects.
Follow or subscribe so you don't miss the next messy MSP compliance problem. Want to get your own questions answered? https://blacksmithinfosec.com/nisty/