16 01732 759725 Proof, not promises New trustmark launched to raise security and operational standards in MSPs Trust is a word you hear a lot in the managed services space, when what people really mean is a leap of faith. MSPs and technology providers like to position themselves as partners that businesses can trust to secure their systems, protect their data, guide their IT strategy, future-proof their investments. But on what basis? Must customers take MSPs at their word or is there objective proof of their capabilities SMEs can rely on when selecting a ‘trusted partner’? On the other side of the equation, what can MSPs with a long history of customer success do to validate their capabilities and differentiate themselves from rivals that haven’t made the same investments in systems, personnel, skills and accreditations? How can they show their value and stop SMEs just buying on price? Mit Patel, founder and CEO of Assurix, a new trustmark for managed service providers, says these questions have become highly pertinent for the growing number of MSPs that offer managed security services, before you even consider the impact of new regulations like the Cyber Security and Resilience Bill. As he told Technology Reseller, one of the big challenges for everyone concerned is that cybersecurity is essentially invisible, which can make it hard for customers to gauge how well an MSP is doing its job. “Service is very visible. If you don’t respond to a ticket, if you don’t return a phone call, if you don’t reply to an email, an SMB will get on the phone and ask what’s going on. But security is invisible. You don’t know if your machine is getting patched. You don’t know if you’ve got the right security settings turned on. You don’t know if the MSP itself is secure.” A reliable guide Patel, who grew Netstar from a breakfix IT company into an MSP with more than £8 million recurring revenue before selling it to Air IT, points out that the usual assurances customers look for, such as ISO accreditations and industry awards, aren’t necessarily a reliable guide to performance. Nor, he suggests, are existing MSP assurance schemes, which tend to be limited in scope and focused mainly on cybersecurity. In contrast, Assurix aims to provide a broad assessment of an MSP’s capabilities, including operational performance, cybersecurity maturity and business resilience, and uniquely includes live monitoring to ensure standards don’t slip following certification. Of the 68 controls monitored by Assurix, more than 20 are tracked live. “Assurix is designed to provide ‘proof, not promises’, which we’ve done by building a live trustmark on two frameworks: one, from a security perspective, is completely aligned to the Cyber Assessment Framework, which is what the government wants to put in place; the other, based on an operational maturity framework, looks at things like SLAs, the clarity of the MSP’s invoicing and whether they are patching the machines they’re meant to. We make it live by integrating with the tools MSPs use to run their businesses – the PSA, the RMM – so we know they’re doing what they’re meant to be doing every day, not once a year, which is what happens in most other audited schemes.” If a certified MSP lets standards slip in one of those control areas, they are given 30 days to fix things before the Trustmark is suspended. A win-win Patel describes Assurix as a ‘win-win’ for everyone: SMEs gain a quick means of identifying MSPs with the highest standards, helping to boost security levels throughout the supply chain; and MSPs have proof of their operational and security credentials, enabling them to win deals more quickly, maintain margins and enjoy preferential terms from suppliers. Already, Beazley is offering certified organisations a 25% discount on professional indemnity and cyber insurance. He adds that Assurix certification can even boost company valuations as it gives a potential buyer evidence that an MSP has been doing the right things from a security and operational point of view over a period of time. Onboarding Assurix was officially launched on October 2, with the intention of signing up 100 MSPs. Costs, based on the number of clients an MSP has, start at around £400 a month, plus a one-off set-up fee starting at £3,000. So far, 78 MSPs have paid the refundable £500 deposit, leaving just 22 slots available for the first cohort, with onboarding to start in Q1 2026. The time taken to achieve certification varies depending on the maturity of the MSP, MSPs Mit Patel
RkJQdWJsaXNoZXIy NDUxNDM=