The ConnectWise Security Responsibility Matrix

This page discusses in general terms the types of roles and responsibilities that exist in a managed service provider (MSP) and/or a managed security service provider (MSSP) environment and does not provide legal advice. It is meant to be educational and illustrative and not prescriptive. We encourage you to consult your own legal counsel to familiarize yourself with the requirements that govern your situation. 

You need the right mix of services and skills on your team and the right buy-in and support from your customers to realize maximum value from ConnectWiseA proper focus on laying out your business objectives will enable you to establish, maintain, and extend ConnectWise products and services as a strategic platform for your organization.

 

This responsibility matrix will address the following key questions:  

  1. As an MSP, how should I lay out my initial offering?
    Make sure to define the roles and responsibilities for the services you plan to offer. Make sure to periodically revisit these roles and responsibilities when you implement additional platform capabilities, or when there are significant changes in your business that impact the way you need to manage the platform.
  2. What are the minimum requirements and related responsibilities for my core platform offerings?
    The provided list of items should be covered or at least considered at a minimum
  3. What are the additional roles andresponsibilities to consider adding to my core platform offerings if I add SOC or Help Desk?
    The core offering covers the day-to-day management and maintenance using the ConnectWise Automate® or ConnectWise Command™ RMM solutionsThe NOC/Help Desk offering adds an external set of resources and skills to your organization that enables the execution of tasks related to tickets that are logged.

This chart is a starting point for driving MSP decisions for skills, services, and responsibilities, but it’s not a one-size-fits-all for every organization. Depending on your organization’s size and the extent that you are using ConnectWise offerings to augment your staff, responsibility might fall across multiple parties. As you grow and evolve your use of the platform, consider splitting out and further defining any combined roles to help drive focus and enable long-term scale.

 

Here is a non-exhaustive list of our recommended roles and responsibilities.

Core Products

Responsibility

Customer

Partner

ConnectWise

Cloud/Colocation Provider

Asset Definition

checkmark-purple.png

Data management (classification and retention)

checkmark-purple.png

Media disposal and destruction

checkmark-blue.png

Backup and restore

checkmark-blue.png

User Provisioning

checkmark-purple.png

Authentication and authorization

checkmark-purple.png

MFA/SSO

checkmark-purple.png

checkmark-blue.png

Data encryption

checkmark-blue.png

Encryption key management

checkmark-blue.png

Security logging and monitoring

checkmark-purple.png

checkmark-blue.png

Vulnerability management

checkmark-purple.png

checkmark-blue.png

Business continuity and disaster recovery

checkmark-blue.png

Secure SDLC processes

checkmark-purple.png

checkmark-blue.png

Penetration testing

checkmark-purple.png

checkmark-blue.png

Privacy

checkmark-purple.png

checkmark-blue.png

Asset Patching

checkmark-purple.png

Infrastructure Patching (Cloud)

checkmark-blue.png

Compliance: regulatory and legal

checkmark-ltblue.png

checkmark-purple.png

checkmark-blue.png

Infrastructure management

checkmark-blue.png

Security management

checkmark-blue.png

Secure configuration of instance

checkmark-purple.png

Employee vetting or screening

checkmark-purple.png

checkmark-blue.png

Environment controls

checkmark-blue.png

Physical security

checkmark-blue.png

Help Desk/NOC

Responsibility

Customer

Partner

ConnectWise

Cloud/Colocation Provider

SLA Definition

checkmark-purple.png

checkmark-blue.png

Contact Details

checkmark-purple.png

Escalation process definition

checkmark-purple.png

Application catalog

checkmark-purple.png

Application Access

checkmark-purple.png

Account Setup

checkmark-purple.png

Malware Remediation

checkmark-purple.png

checkmark-blue.png

Device Access

checkmark-purple.png

Device Backup

checkmark-ltblue.png

checkmark-purple.png

Audit Logging

checkmark-blue.png

Contacts (Names, Email, Phones)

checkmark-ltblue.png

checkmark-purple.png

SOC

Responsibility

Customer

Partner

ConnectWise

Cloud/Colocation Provider

Incident Response process

checkmark-purple.png

Service Integration

checkmark-purple.png

Alert Triage

checkmark-blue.png

Containment

checkmark-purple.png

checkmark-blue.png

Remediation

checkmark-purple.png

checkmark-blue.png

Forensics

checkmark-purple.png

Breach Notification

checkmark-purple.png

checkmark-blue.png

External Communication

checkmark-ltblue.png

checkmark-purple.png

Security Incident Response

checkmark-purple.png

Security Incident Management

checkmark-purple.png