The MSP’s Guide to Compliance in 2023

Written by Molly Murphy on February 16, 2023

Share This Article

As an MSP, your clients rely on you for all things related to IT – and more and more frequently, that includes compliance. 

But for many MSPs, compliance knowledge isn’t a common skill set in their arsenal, and as clients come to you panicked and looking for answers, you need to be prepared with a plan. 

Luckily, you’ve come to the right place. 

As we settle into 2023, we here at JumpCloud are fully committed to preparing you for the most common compliance requests your clients will bring to you this year. In this guide, we’ve broken compliance readiness into five simple steps. Browse all our resources, or hop right to the things you need most right now. And when you’re done with this article, be sure to check out our 2023 Compliance for MSPs Page, where we’ve rounded up even more compliance resources, just for you. 

1. Become Fluent in Compliance 

Compliance can be overwhelming for your clients – and for you as an MSP too, if you don’t know where to begin. That’s why it’s critical that you learn as much as you can, as early on as possible. Start your compliance training with these three introductory blogs. 

  • What is IT Compliance? | If you’re brand new to compliance, start here. This blog will give you a detailed overview of what compliance is, why it’s important, potential roadblocks, and the most common regulatory requirements. 
  • What is Cloud Compliance: A Comprehensive Overview | If you’re familiar with on-prem compliance but need to know how it translates to the cloud, this is the blog for you. Learn what makes on-prem and cloud compliance different from one another, compliance challenges unique to the cloud, and how to ensure cloud compliance. 

After reading these blogs, you should have a great foundation in what compliance is, why it matters, and the top-level steps to ensuring it for your clients. Now, you’re ready to share your knowledge with your MSP customers. 


The IT Manager’s Guide to Data Compliance Hygiene

How to ace your audit

2. Build Client Trust with your Knowledge  

As an MSP, your primary responsibility to your clients is to be a knowledgeable partner that can guide them through compliance, regardless of which regulations they’re tasked with meeting. First, read the eBook that’ll share the compliance benefits of enforcing IT hygiene, so when you start to make changes, your customers will know why. Then, drill down into the regulations that specifically affect your clients, so you can be prepared to meet them.  

  • IT Manager’s Guide to Data Compliance Hygiene | While this resource is written for IT admins, as an MSP, you are your client’s admin, so the information applies to you, too! Learn the benefits of data hygiene as it relates to compliance, the 7 things you can do today to help your clients achieve many of the most common requirements, and challenges you should expect to encounter.  
  • HIPAA | Learn about the administrative, physical, and technical requirements needed to achieve HIPAA compliance – and why these regulations matter. 
  • NIST | Learn all the requirements necessary for user passwords to be NIST SP 900-63 compliant. 
  • SOC 2 | Learn who needs a SOC 2 report, what the report covers, how to meet SOC 1 and SOC 2 compliance standards, and what to expect during an audit. 
  • ISO 27001 | Learn which identity and access management (IAM) security controls you’ll need to implement to maintain ISO compliance, even in remote environments.  
  • Data Privacy Laws | Data privacy is a broad compliance category that has different regulations depending on the location(s) in which your clients do business. Learn about the U.S.’s state-specific privacy laws, and the E.U.’s country-specific GDPR law.
  • FDE | While not a compliance regulation itself, many regulations (PCI DSS, GLBA, HIPAA, FRCA and GDPR) require full disk encryption (FDE) in order to meet their requirements. If any of these apply to your clients, learn how to activate FDE. 

Once you’re up to speed with what your clients need to reach and maintain compliance, proactively start the conversation with them. Share that you’ve researched the compliance regulations that affect their business, and you have a plan for making sure they meet the requirements. That way, they’ll automatically link you to their compliance success. 

3. Create the Foundation Today that Best Serves the Clients of Tomorrow 

If you don’t already have a cloud-based comprehensive security solution as the core of your MSP tech stack, the initial setup needed to make your clients compliant may require a bit of heavy lifting on your end. But building this solid base today will make it easier for you to take on clients’ changing compliance needs tomorrow. 

  • Building a Security Program from the Ground Up | While this piece was written for an IT admin audience, the principles of building a new security program apply whether you’re an MSP managing IT for a client, or an in-house admin designing an internal program for your business. Read through this guide to double-check whether your current tech stack meets the modern security standards necessary to achieve compliance. 
  • The MSP’s Guide to IT Centralization | If your current tech stack isn’t centralized around a modern core platform, helping your clients achieve compliance will be much more complicated than it needs to be. Download this free guide to learn the benefits of centralization, and how to do it in your MSP. 

These articles represent an investment in the security and stability of your MSP business. While they may feel like a lot of work upfront, the investment today will make it far easier for you to onboard new clients and help them with their compliance needs for years to come. 

4. Continue to Build Your Security Framework

To keep your clients’ businesses secure and compliant, you must never stop evolving. Keep tabs on the latest and greatest in IT admin trends, upcoming threats, and the newest cyber criminal attack surfaces so you’re prepared to meet whatever challenges come your way. 

  • Shadow IT for MSPs | In our increasingly digital world, Shadow IT is becoming a bigger liability for MSPs trying to manage client’s resources – and not creating a plan for addressing it can keep your clients from achieving compliance. Learn what Shadow IT is, and how to combat it. 
  • The Zero Trust Roadmap for MSPs | Implementing a Zero Trust framework in your clients’ businesses ensures you meet virtually every compliance requirement, regardless of the governing body. Learn the benefits of Zero Trust, and how to sell the framework to your clients. 
  • Cyber Insurance for MSPs | Cyber insurance is a good idea for your business, and your clients’ businesses. Learn what this insurance covers, and why you and your clients need it. 

Your security framework shouldn’t be a “one and done” task, but something you revisit continually as new technology (and new threats) become apparent. But getting cyber insurance, making a plan to combat cyber IT, and encouraging your clients to adopt Zero Trust are actions that’ll safeguard your security framework now and in the future. 

5. Don’t go it Alone  

As an MSP, it’s all too easy to feel like you have to have all the answers to your clients’ compliance questions. But you don’t have to do it all by yourself. When you choose JumpCloud as your trusted partner, we’ll help you make achieving and maintaining compliance for your clients straightforward and simple. 

Want to learn more about using JumpCloud as your MSP partner? Try our open directory platform today, or get in touch to learn more about our MSP partner program. 

Molly Murphy

Molly Murphy is a Senior Content Writer at JumpCloud. A self-professed nerd, she loves working on the cutting edge of the latest IT tech. When she's not in the [remote] office, Molly loves traveling, rescuing animals, and growing her all together unhealthy obsession with Harry Potter.

Continue Learning with our Newsletter