As a Managed Service Provider (MSP), your clients entrust you with a crucial responsibility: ensuring the security and smooth operation of their IT systems. This responsibility extends to the vendors that provide the software, hardware, and services vital to these systems. Vendor risk management, thus, becomes a critical aspect of your role.
Federal regulations, such as HIPAA and GLBA, mandate rigorous vendor due diligence. Beyond statutory requirements, MSPs may need to demonstrate that they’ve acted reasonably under given circumstances while selecting and deploying vendor tools. One of the most significant legal risks our Contracts-as-Service solution addresses is those posed by your vendor partners.
High-Profile Security Incidents Highlight the Need for Robust Vendor Risk Management
There have been several high-profile security incidents that underscore the importance of robust vendor risk management. These incidents have had a significant impact on tools widely used by MSPs, including:
- Kaseya: The ransomware attack in July 2021 impacted over 1,000 customers due to a vulnerability in Kaseya’s software.
- ConnectWise: A security incident in February 2021 led to unauthorized access to some customer data due to a vulnerability in a third-party plugin used by ConnectWise.
- SolarWinds: A supply chain attack in December 2020 affected thousands of customers due to a vulnerability that allowed attackers to inject malicious code into the software.
- Accellion: A security breach in December 2020 exposed sensitive data of clients because of a zero-day vulnerability in Accellion’s file transfer application.
These incidents, among others, highlight the need for rigorous vendor risk management in the managed services community.
Introducing the Schedule of Third-Party Services
In response to these incidents, particularly the Kaseya attack, we revisited our MSP contract templates to strengthen how vendor risks were managed. The result is the Schedule of Third-Party Services, a vital component of our Contracts-as-Service solution.
Our Schedule of Third-Party Services includes a clear and unequivocal waiver of your customer’s right to sue you for acts or omissions of Third-Party Services. To ensure clarity, we use boldface type and plain language right at the start of the document. This transparency enables our clients to disclose all the vendors they use, the services these vendors provide, and the terms and conditions governing your clients’ relationship with the vendor.
This broader disclosure is designed to meet the known right standard that many courts use to assess the enforceability of waivers of the right to sue, which are generally disfavored by courts.
Customized and Regularly Updated
Our Schedule of Third-Party Services comes pre-populated with over 170 vendors in the managed services community. We customize the Schedule for each client and update it four times per year as MSPs modify their vendor stack. This ensures that you’re always up-to-date with the latest vendor information and can make informed decisions about your vendor relationships.
Leveraging Contracts-as-Service for Comprehensive Legal Protection
After representing over 200 MSPs, we’ve developed our Contracts-as-Service solution that provides comprehensive legal protections based on industry-leading templates. These templates are customized for each client and regularly updated, ensuring that MSPs always have the latest protections and legally compliant customer contracts.
Our solution goes beyond merely providing contractual protections. It helps MSPs cultivate a culture of transparency with their clients, foster trust, and ultimately deliver better services. By making the vendor management process more transparent and understandable, our Contracts-as-Service solution helps MSPs build stronger relationships with their clients.
The role of an MSP in managing vendor risks is increasingly critical in today’s complex IT landscape. With a surge in high-profile security incidents impacting tools widely used by MSPs, it’s clear that more robust and transparent vendor risk management practices are needed.
Our Contracts-as-Service solution is designed to address these challenges head-on. With its comprehensive Schedule of Third-Party Services, it takes the guesswork out of vendor risk management. It not only provides MSPs with a detailed overview of the vendors they use but also shields them from potential legal repercussions through a clear and unequivocal waiver of liability.
This approach allows MSPs to focus on what they do best – providing high-quality IT services to their clients. At the same time, it offers peace of mind, knowing that they are shielded from potential legal risks arising from vendor-related incidents.
The Contracts-as-Service solution has proven to be a game-changer for the MSP community. Over 120 MSPs have already reaped the benefits of this innovative approach. From providing comprehensive legal protection to fostering transparency with clients, our solution is designed to help MSPs navigate the complex world of vendor risk management effectively and confidently.
Moreover, the Schedule of Third-Party Services is not a static document. Recognizing that the IT landscape and vendor relationships can change rapidly, the Schedule is updated four times a year to reflect changes in the MSP’s vendor stack. This means that MSPs always have access to the most up-to-date information, enabling them to make informed decisions about their vendor relationships.
In conclusion, vendor risk management is a crucial aspect of an MSP’s role, and our Contracts-as-a-Service solution is designed to make this task easier and more transparent. If you’re an MSP looking for a robust solution to manage your vendor risk, it’s time to explore our Contracts-as-Service solution. Schedule a demo today and let us show you how our Schedule of Third-Party Services can revolutionize the way you manage vendor risk.