Does anyone have experience doing DD on an MSP?
January 16, 2020
by a searcher from The University of Michigan - Stephen M. Ross School of Business in West Bloomfield Township, MI, USA
Want to understand what I should be thinking about and looking into.
in Seattle, WA, USA
Techs should be at least 50% billable, preferably 75% or more.
Evaluate certifications and reseller authorizations (especially if they are in danger of losing an auth).
Customer environments should be well documented (even just an internal wiki).
Should have a secure password mgmt system with access control by customer/tech.
Should have 2FA broadly implemented - all internal critical systems.
Should have a documented on-boarding process (forms, etc.).
Should have a "robust" system for remote management and monitoring (RMM).
All customers should have at least two techs familiar. I.e. no single tech has exclusive knowledge.
Lacking any of these does not mean a deal-breaker (well, no RMM might be - they're not really an MSP without one!), but it will be a cost/risk going forward until resolved.
(Probably more, this is just off the top of my head, taking a few minutes between meetings. :)
from University of Texas at Austin
I would also be concerned about anything custom they are doing where a tech lead will have strong tribal knowledge about a customer's service delivery.
Cyber Security:
1) Make sure all their hosting services are on their own subnet and VLAN; that way ransomware will only affect the customer that caused it. (This costs more, but is a must.)
2) Make sure they have backups that work; customers might sue you due to a ransomware attack that you cannot recover from. (Have cyber insurance.)
3) Have a good outsourced cyber security provider; ransomware can't be auto-detected and blocked, but most other cyber attacks can.
For the IT equipment you just need to go item by item and identify (license, warranty, and upgrade path/timeline). Licensing issues can be a ticking time bomb.