Compliance management for MSPs
Compliance management is the practice that service providers follow to ensure they adhere to relevant laws, regulations, and industry standards while delivering IT services to clients. It involves continuously monitoring, evaluating, and controlling systems and processes to minimize the risks of noncompliance and potential penalties.
Compliance certifications applicable to MSP Central
ManageEngine is certified for several compliance standards to help service providers meet privacy requirements and deliver seamless IT services. Below is the list of certifications applicable to the MSP Central platform.
Certifications

ISO/IEC 27001
ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.

ISO/IEC 27701
ISO/IEC 27701 is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for privacy management within the context of an organization. This certification standard is designed to enhance the existing information security management system with additional requirements in order to establish, implement, maintain, and continually improve a privacy information management system. This standard enables organizations to demonstrate compliance with the various privacy regulations around the world that are applicable to them.

ISO/IEC 27017
ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services. It does so by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 as well as additional controls with implementation guidance specifically related to cloud services. ManageEngine is certified for ISO/IEC 27017:2015 — Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

ISO/IEC 27018
ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to safeguard the PII that is processed in a public cloud. These controls are an extension of ISO/IEC 27001 and ISO/IEC 27002, which provide guidance to organizations concerned about how their cloud providers are handling PII.

ISO 9001:2015
ISO 9001:2015 is defined as the international standard that specifies requirements for a quality management system. Organizations use this standard to demonstrate their ability to consistently provide quality products and services that meet customer and regulatory requirements.
- Applicable to: ITSM and endpoint security modules

ISO/IEC 20000
ISO/IEC 20000 is the leading international IT service management system (SMS) standard. Its objective is to ensure the quality of IT services. It specifies requirements for an organization to establish, implement, maintain, and continually improve an SMS. It supports the management of the service life cycle, including the planning, design, transition, delivery, and improvement of services to meet the service requirements and deliver value.
- Applicable to: Network Operations Center and Data Center Operations Departments of Zoho Corporation (ManageEngine is the IT management division of Zoho)

ISO 22301:2019
ISO 22301:2019 is an international standard for business continuity management systems, offering guidelines for sustaining organizations and protecting them from potential disruptions. It helps organizations identify, assess, and manage threats that are relevant to their operations and critical business functions and could impact service delivery to customers. Setting up recovery plans and strategies ensures that businesses don’t come to a standstill during any unexpected disruptions in the future.
- Applicable to: The endpoint security module along with the Support functions

SOC 2 Type 2
ManageEngine is compliant with SOC 2 Type 2. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Criteria.

SOC 2 + HIPAA
An independent third-party audit firm has examined the description of Zoho's system related to Application Development, Production Support, and the related General Information Technology Controls for the services provided to customers from Zoho's offshore development center based on the Security, Privacy, and Breach Notification Rules set forth in HIPAA Administrative Simplification. The responsibility of Zoho is limited to the extent it acts as a Business Associate.
- Applicable to: ITSM and endpoint security modules

CSA STAR Self-Assessment
The Cloud Security Alliance (CSA) is a nonprofit organization formed to define and raise awareness of best practices to ensure a secure cloud computing environment and help potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The Consensus Assessments Initiative Questionnaire is submitted by cloud service providers (CSPs) to document compliance with the Cloud Controls Matrix and helps cloud service customers assess the security capabilities and practices of CSPs.

GDPR
The GDPR is a pan-European regulation that requires businesses that process the data of European Union citizens to protect their personal data and privacy. ManageEngine has always demonstrated its commitment to its users' data privacy by consistently exceeding industry standards. ManageEngine welcomes the GDPR as a strengthening force of the privacy-consciousness that already exists within it. ManageEngine's offerings have privacy features that comply with the GDPR, and ManageEngine's processing of its customers' data adheres to the data protection principles of the GDPR.

CCPA
The CCPA is a data privacy law specific to the processing of the personal information of California residents. It requires businesses to protect residents' personal information and privacy. ManageEngine has always demonstrated its commitment to its users' data privacy by consistently exceeding industry standards. ManageEngine welcomes the CCPA as a strengthening force of the privacy-consciousness that already exists within it. ManageEngine's offerings have privacy features that enable its users to comply with the CCPA, and ManageEngine's processing of its Californian customers' data adheres to the requirements of the CCPA.

Signal Spam
Signal Spam reports help in providing feedback loop data, primarily technical information for the identification of spammers and marketing abuse, from major ISPs like Orange.fr and SFR.fr. It has many spam reporting plug-ins for third-party browsers and email clients, designed for French communities worldwide. It’s important for Zoho to know which recipients mark or report our emails as spam so that we can remove these recipients from our mailing lists. Thus, this certification protects our network reputation in France.

Esquema Nacional de Seguridad
Esquema Nacional de Seguridad (ENS), also known as the National Security Framework, is a set of regulations and guidelines established by the Spanish government to ensure the security of information and communication systems in the public sector. The ENS provides guidance on managing and protecting information assets, promoting risk management, and establishing security measures to safeguard sensitive information. It applies to all public entities in Spain, including government agencies, local administrations, and public organizations. Zoho is ENS-certified for the Medium category (the intermediate level).

Cyber Essentials Plus
Cyber Essentials Plus is a certification scheme backed by the United Kingdom government. It helps keep the data of organizations and their customers safe from cyberattacks. Zoho's systems are audited by one of IASME’s approved assessors to ensure that the prescribed security controls have been implemented successfully in the organization and its networks.
- Applicable to: Zoho Corporation Limited (Zoho's UK office), excluding all other geographic locations and networks

TX-RAMP
The Texas Risk and Authorization Management Program (TX-RAMP) is a certification process designed by the Texas Department of Information Resources to ensure that cloud products and services meet stringent security and privacy standards. CSPs intending to contract with Texas state agencies must adhere to TX-RAMP requirements. By following the TX-RAMP certification process and adhering to its requirements, CSPs can ensure they meet the security standards necessary to protect sensitive data and comply with Texas state regulations.
- Level 1 Certification
  - Applicable to: The ITSM module
- Level 2 Certification
  - Applicable to: The endpoint security module
For any inquiries or clarifications regarding compliance management, feel free to email us at mspcentral-support@manageengine.com.