There are managed service providers (MSP) and there are really good managed service providers!

Paying a standard fee for your technical support through your Managed Service Provider (MSP) is an idyllic solution for today’s businesses and organisations.

It allows the organisation to focus on business, core business, what you do to make money, without having to worry about technology, policies and people.

The original idea for managed services, where you pay a monthly fee for all technical support, is failing as greed sets in.

A true managed service provider should be doing it all for you.

Anything that is part of your business and the technology required to achieve your goals should be their responsibility.

Most MSPs have changed the contractual obligations in their service level agreements (SLA) to improve their bottom line to the detriment of the client.

The small print usually states all care but no responsibility.

To increase profits they have changed the way the SLA is applied to business. They have moved the risk back to your organisation.

Instead of mitigating the risk of something happening by putting in self-repairing software or moving your data to the cloud without sovereignty, compliance and governance implications, they have put it back onto your organisation, where you now pay the additional costs.

If your MSP has a clause in their SLA that states you have to pay for time on site or additional costs for policies and plans, then they have moved the risk back to your organisation.

Check your SLA / contract: have they moved the risk back to you?

The client’s interest

When it comes to an SLA, it should shift the onus of technical support away from your organisation to the expertise of the MSP.

The MSP has the skills, training and capabilities to make the technology that your organisation uses increase revenue and, in turn, profit for your organisation.

An MSP should remove the responsibility on the client’s side by having the expertise to fix problems.

They are also the trusted adviser.

In that role they should be advising on the business’s requirements to improve the capability of your business to increase profits and build rapport between you and them.

This should all be done without pushing a particular vendor, supplier or system. It should all be based on YOUR requirements!

The capability of the MSP organisation to ensure both functionality and security in the client organisation is the reason that they are there.

There should be a single point of contact, email or phone, that can be contacted to resolve any issue from user to internet. This single point of contact should have the authority to speak on your behalf to resolve the issues and to improve your bottom line.

The MSP’s interest

The MSP role is all about visibility.

Visibility of the system comes from reporting on all facets of the systems and security.

The reporting has to be done in such a way that management decisions can be made simply and easily.

There are no vanity stats in this process. The facts are of paramount importance and to get those facts, systems have to be implemented and managed correctly.

The visibility of the people is as important as the technology in showing what is happening behind the scenes, and it gives an indication of education and training requirements.

The MSP should also be implementing policy and procedures ranging from disaster recovery (DR) and business continuity (BC) to audit capabilities and user policy.

This is not an additional component of the environment; an MSP cannot do its job for the client if it does not understand the importance of your data, where it is located and who has access to that information.

Why is this important?

Yes, an SLA with these requirements is more expensive.

If you think about it, it has to be. They are taking their role in your business seriously.

They are allowing the management team to delegate the business requirements to a group of people who should have the expertise to actually do the job, improve the efficiency and security of the organisation and do it with the expertise required to ensure your organisation is going in the right direction.

If you are paying for an SLA that is not doing all of this then you need to look to an organisation that will. Look to a better way of managing your systems.

Why we need to treat business risk properly!

Risk Management – Today’s Balancing act is all about Business Risk

Why is it that until you are knee deep in a full blown cyber event, it is still just someone else’s problem?

Until you have limited or no access to business resources, do we still think that it is someone else’s problem?

When does it become a business problem?

When does it become something that YOU, as a manager, C level executive or board member, have to think about?

I have been asking that for years.

Risk management and reducing the impact of residual risk has been around for centuries. We have always looked at natural disasters as a risk to the business.

When it comes to the digital components, the ones we use to do business, the ones that have a critical impact on every organisation, the ones we use to invoice, communicate and socialise with our clients and staff, why do we fail to see the impact?

We get blinders, a narrow viewpoint, and we fail to see the risk that the digital world can deliver to the organisation.

We fail to see the significance of the risks that come from our digital world.

If we do see it, it has to be an ICT problem.

We are talking about computers and data, therefore it has to be an ICT issue.

This is definitely one of the strangest attitudes in today’s world.

We can no longer treat business risk with the same attitude we have always done.

Today’s business risk is a whole-of-business problem and needs a whole-of-business approach to manage it.

No matter the risk, all risk has an impact on your organisation. All risk has to be treated.

No matter the system involved.

Business risk has to be treated by one of the following treatments: mitigate, accept, transfer or reduce.

Before you can apply a treatment to it you first need to acknowledge the risk itself.

To do that you have to think the risks through.

Every little thing that could and would impact the organisation and how the organisation will react needs to be processed.

This includes risks to reputation, data loss, finances as well as the impact of ransomware.

Have you taken all of your risks into account?