MSPs


any business that handles customers’ payment card data. This includes merchants, processors and service providers, but also companies that create, design and manufacture software and devices used in payment card transactions. Following a phased implementation that began in March 2024, adhering to all PCI DSS 4.0 best practices is now mandatory, and since the new version introduced tightened controls, MSPs in the payment ecosystem have had to raise their game.

Overlay all of this with the incoming Cyber Security and Resilience Bill’s new provisions, which explicitly pull MSPs into scope and will hold them to much stricter security and compliance standards. This includes proactive vulnerability management, supply chain vetting, stricter incident reporting and implementing security-by-design. Clients will soon start asking their MSPs for proof of compliance, and those unable to demonstrate it will lose credibility – and potentially contracts, too.

Finally, cyber insurance has joined the compliance conversation, as being able to demonstrate a good security posture to insurance providers is fast evolving into a quasi-compliance requirement. Insurers increasingly demand evidence of adequate security controls, such as ISO 27001 certification or structured incident response plans, before offering cover. Worse, when businesses fall short, claims may be denied. For MSPs, that means helping their clients treat insurance requirements not just as a safety net, but as an important part of their overall compliance posture.


Why compliance feels so hard

With clients desperate for help, the compliance opportunity for MSPs is significant. Selling compliance services can unlock valuable new business opportunities and drive new revenue streams. But that doesn’t make it easy.

Looking into the main challenges for MSPs, Kaseya research found that 78% of providers cited client education as their biggest hurdle when offering compliance services. Clients may not understand the full complexity of regulations relevant to them, or the extent of work necessary to meet compliance requirements. Meanwhile, 58 per cent of MSPs also struggle with resource constraints as they do not have enough staff, tools or time to manage all their clients’ compliance needs. Around half (51%) agree that the steep learning curve is itself a barrier, while 41 per cent admit it’s challenging to stay up to date with the constant regulatory changes.

Considering these challenges, the uncomfortable truth is that MSPs can’t simplify compliance. However, by taking the right approach, they can make it much more manageable, both for themselves and their customers.

The first step in this is cultural. Traditionally, MSP work has revolved around fixing what is broken. Compliance, on the other hand, requires something entirely different: architecting solutions properly from the ground up. Security tools help, but they can’t compensate for poor IT design. That means taking a step back and looking at the client’s whole IT infrastructure – not just the systems under your direct management. Compliance frameworks assume holistic security, not patchwork fixes.

Next, MSPs must build the right services into their solutions portfolio so they are ready to support all of their clients’ compliance-related needs. Here is what high-performing MSPs get right:

• 91% offer security awareness training
• 88% deliver risk assessments
• 86% provide continuous monitoring
• 78% assist with policy creation and documentation
• 71% support remediation planning
• 60% help with audit preparation.

The key? They’re not just selling tools, but ongoing services, advice and expertise. They are also making sure their clients recognise what these services are worth. Free compliance assessments only undervalue the work delivered and set unrealistic expectations. And MSPs must make their clients understand that compliance is not a one-time exercise; it is an ongoing effort.

www.pcr-online.biz


Focus – and invest in skills and capabilities

Trying to master every compliance requirement at once, however, is a recipe for failure. Successful MSPs start by specialising. The best advice is to pick one framework and become the authority on it; then expand from there. A helpful tactic is to put your own organisation through the compliance process first. This is time well spent: Completing an assessment step by step not only builds essential expertise but also highlights pitfalls your clients are likely to face.

To acquire the right capabilities, MSPs should also invest in specialised tools and software infrastructure up front, then bake the cost into the services they sell. A functional and affordable governance, risk and compliance (GRC) platform that integrates into their existing technology stack is essential. It helps manage risk assessments, vulnerability scans, penetration testing and compliance tracking – and also provides the reporting clients (and regulators) expect.

When selling compliance services, MSPs should always align them with the desired customer outcomes. Ask: Why does the client need compliance? Is it about regulatory necessity, contract eligibility or risk reduction? Knowing their ‘why’ helps you tailor the offering and demonstrate value.

Clarity matters, too. It’s crucial to define responsibilities between the client and the MSP early, such as: Who owns compliance for cloud services, BYOD devices, or shadow IT? Grey areas can lead to disputes and liabilities later on.


Keep evolving

The compliance landscape is fluid. New regulations are emerging all the time, and so are global best practices. The NIST Cybersecurity Framework (CSF), for example, isn’t a UK mandate, but many businesses adopt it as a gold standard to not only boost their resilience but also to strengthen their competitiveness in international markets. Similarly, CIS Benchmarks offer practical configuration standards that help establish secure baselines. By adopting these, MSPs can stay ahead of both threats and regulations and are well placed to support their clients with further compliance needs.

Compliance may never be simple. But for MSPs willing to specialise, educate clients and invest in the right tools and expertise, it’s an opportunity to stand out. In a crowded market, the ability to guide customers through regulations and resilience is fast becoming a critical differentiator.

Clients want a partner who can keep them secure, compliant and confident in the face of evolving requirements. Those MSPs who can deliver that won’t just survive the compliance wave; they’ll ride it to growth.


November/December 2025 | 43

