Cybersecurity Pressures? Choose a Vendor With All the Safeguards In Place
With every passing day, cybersecurity becomes a larger concern across the board. That’s especially true right now, amid the chaos of the COVID-19 pandemic and with much of the nation working from home. And MSPs are increasingly being pressured to show how their vendors address these cybersecurity concerns.
Indeed, in my 20 years in IT, and particularly in the past eight years that I’ve focused on IT security and compliance, the industry has trended toward increased vendor risk management. For MSPs, risk audits not only bring down insurance premiums, they also provide peace of mind to customers—and are often requirements in the government and healthcare sectors.
For Liongard, we’ve known from Day 1 that we wanted to provide that peace of mind to our MSP clients and demonstrate our maturity as a vendor. Because more and more MSPs raise the question, “How are you ensuring privacy and security?” here is some insight into what we’re doing to go the extra mile in keeping data secure and information private.
Liongard chooses to follow the National Institute of Standards and Technology (NIST) cybersecurity framework set by the U.S. Department of Commerce. Considered the gold standard in our industry, the voluntary NIST framework consists of standards, guidelines and best practices that businesses must be able to quantify and validate in order to become accredited.
Most MSPs are familiar with SOC2 Type I certification, the first of two steps in security and privacy certification developed by the American Institute of CPAs (AICPA). This verifies the security, availability, processing integrity, confidentiality, and privacy of a system at a specific point in time. Liongard completed this in 2019.
More coveted and difficult to obtain is SOC2 Type II certification, which requires more evidence than Type I. Specifically, the auditing organization chooses five types of software or data pieces, and the business must demonstrate its adherence to standards across the board over a period of at least six months.
A company with SOC2 Type II certification, in short, has demonstrated that its systems have been designed and verified to keep sensitive data secure. Liongard is currently in the process of earning this certificate, with expected completion in Summer 2020.
This rigorous audit can be costly, but it’s an investment we consider well worth the price tag for two reasons:
- It keeps the PII (personally identifiable information) and privacy of our own employees, leadership and investors secure; and
- It protects our MSP clients’ data and provides that extra peace of mind to them as well as their customers.
The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, among other things, requires the protection and confidential handling of protected health information. Although not mandated for Liongard because we don’t touch or store patient data directly, we choose to be compliant with all HIPAA regulations in order to help our own MSP clients demonstrate due diligence to their healthcare customers. This chain of risk mitigation is only becoming more common, so we felt a proactive approach would benefit all parties.
More Ways We Maintain the Trust of Our Clients
It’s part of our company mission to be forward-thinking and zealous on behalf of our MSP customers. In addition to adhering to NIST’s cybersecurity framework, becoming SOC2 certified and following HIPAA regulations, we’re taking these extra measures for increased cybersecurity:
- PCI Compliance
The PCI Security Standards Council develops and drives the adoption of data security standards and secure card payments. Whenever Liongard runs a credit card for payment, our clients can be confident that we have security in place to protect their private payment information.
- GDPR Compliance
The General Data Protection Regulation (GDPR) became effective May 25, 2018, with the purpose of strengthening the security and regulation of data protection across the European Union, giving people greater rights to access and control their personal information. Liongard is committed to ensuring compliance with these laws and regulations through our GDPR Data Processing Policy.
- FIPS Compliance
The Federal Information Processing Standard (FIPS) 140-2, a part of NIST, is the benchmark for validating the effectiveness of cryptographic software. With our FIPS certification, Liongard Roar users know that our platform has been tested and validated by the U.S. and Canadian governments.
As our industry and our clients grow, Liongard will add more niche certifications to better meet MSP and end-user needs, giving both parties one less thing to worry about. That means you can focus on running your business, serving your customers and attracting new prospects, with the confidence that Liongard will keep your data—and theirs—secure.
For more information on how Liongard protects MSP data and privacy, visit our Trust Center.