Guest Column | March 17, 2014

What MSPs Need To Know About The Unified Certification Standard

Unified Certification Standard

Q&A with Charles Weaver, CEO of the International Association of Cloud & Managed Service Providers (MSPALLIANCE)

Q: How does the UCS (Unified Certification Standard) compare/complement the SSAE 16 audit? (Does one replace the other or does UCS add something to the SSAE 16 audit?)

Response: The UCS is a standard developed nearly a decade ago by MSPs as a way to establish best practices for operating a managed IT services company. The standard has evolved over the years and today can be issued as a standalone UCS report or as a SSAE 16 report. The important thing to realize for MSPs and customers is that SSAE 16 (and SAS 70 before it) is not a standard; it's just a way to deliver an audit. Accountants, who are good at auditing, operate SSAE 16 but not necessarily knowledgeable about cloud or managed services businesses. Our Board of Advisers (all of whom are UCS certified MSPs) is in charge of maintaining the UCS standard. 

Today, we deliver UCS audits on 5 continents to hundreds of MSPs but less than half of those actually receive a SSAE 16 report.

Q: Would this standard have prevented an MSP from partnering with a cloud provider like Nirvanix, which closed its doors last October? Explain.

Response: The MSPAlliance certification process has helped countless MSPs and customers over the years in a variety of ways. What happened with Nirvanix happened because they provided many technical certifications to their customers and partners but nobody was looking at the way they were running their business. As a result, lots of entities were harmed and being caught off guard by the company’s closure. The UCS can, if used properly, help customers and partners understand the overall health and capabilities of a MSP before they conduct business with them. 

Q: If an MSP is interested in a cloud provider that has not yet gone through the UCS audit process, what are the steps, costs, etc. for finding out whether the cloud provider would be willing to undergo such an audit?

Response: If a customer or MSP is interested in working with another cloud or MSP, the first thing they should ask for is their UCS report. The UCS report is different from SSAE 16 reports in that it is a public report and can be given out to anyone without fear of harming the security or intellectual property of the provider. 

If a MSP does not have a UCS report, they can contact MSPAlliance for more information. Because the UCS can be delivered with different levels of assurance from the auditor, and because some MSP organizations are much larger and more complex than others, UCS pricing is on a case-by-case basis. 

However, typically a UCS certification and report can be delivered at a cost point that is significantly less than a full fledged SSAE 16. 

Founded in 2000, the MSPAlliance has more than 25,000 corporate members across the globe, and is the world’s largest industry association and certification body for Managed Services and Cloud Computing professionals.

The Unified Certification Standard™ for Cloud & Managed Services Providers is a certification and audit (similar to a SAS70 Audit) for the cloud computing and managed services industry. Developed by MSPs for MSPs, it’s the longest standing program of its type in existence. The UCS has been reviewed by many governmental agencies and regulatory bodies located throughout the world. MSPAlliance created the highest standard and non-technical certifications in the managed services industry and is broadly accepted in the banking, healthcare and accounting industries.