• Author
  • July 12, 2021 at 5:12 pm #988

    I think the legislative suggestions of what should be in each contract need to be wiped, or we will freeze the development of the industry.

    For instance,

    • A provider giving managed SOC services under contract would not be providing backup.
    • A provider doing managed networks might not be responsible for backups, like in a co-managed scenario.

    Actual language of what needs to be done could be relegated to the non-legislative organizations like this one or like the similarly structured accounting CPA orgs, that will provide GANP (Generally Accepted Networking Practices) similar to GAAP (Generally Accepted Accounting Practices).

    These practices will change very rapidly with technology changes, and divisions of responsibilities will cause some providers to only provide a small subset of the service a company will use.

    Like these CPA or Bar associations, these organizations will police best practices, give continuing education, etc.

    Orgs like this one could provide the tests to members to prove they are doing best practices, and by combining the best strategies, give a covering net of what is supposed to be done.

    Such things could be enforced by “promises and covenants” entered into between the provider and the approved associations.

    The legislation could offer to extend to these certifying organizations the abilities to sugest minimum standards and where they could be seen to be mitigated as tech develops.

    For instance. If a client stores all their files in O365 sharepoint, it could be said that it is backed up by one group (it can be restored for instance) but another group might see a need for a 3rd party backup. Potentially both could be seen as reasonable backup strategies, but only one is a seperate provided backup, and through time, one or the other may become best practice.

    Backup in its nature is not a result in itself, I would argue, but rather a method for providing continuity within the business. It might be better to have the provider ensure continuity in some way, but even this gets in the way of technological advancement.

    Perhaps the best way is to deal in policies and procedures that address basic IT needs, but I am not sure.

    It would be good to look at the already existing legislation that establishes the Bar and CPA type associations, to see whether it is better to put more broad ideas into the legislation, and not tie it to particular technoligies like backups.

  • July 12, 2021 at 5:12 pm #403

    It’s a good start, tho it may be lacking in some areas, such as “what happens for noncompliance”

  • July 12, 2021 at 5:12 pm #327

    We are hosting a Zoom Meeting.

    July 21, 2021

    9:00 AM Pacific Time (US and Canada)

    Register in advance for this meeting:


    The agenda is simple: Discuss the proposed legislation and start working on next steps. Join us. No charge, of course.

  • July 12, 2021 at 5:12 pm #323

    Read through the proposed legislation on the IT Service Provider Registration and Compliance Act.
    Do you agree with it? Is it missing anything? How can it be improved?

  • You must be logged in to reply to this topic.