The ConnectWise Security Responsibility Matrix
This page discusses in general terms the types of roles and responsibilities that exist in a managed service provider (MSP) and/or a managed security service provider (MSSP) environment and does not provide legal advice. It is meant to be educational and illustrative and not prescriptive. We encourage you to consult your own legal counsel to familiarize yourself with the requirements that govern your situation.
You need the right mix of services and skills on your team and the right buy-in and support from your customers to realize maximum value from ConnectWise. A proper focus on laying out your business objectives will enable you to establish, maintain, and extend ConnectWise products and services as a strategic platform for your organization.
This responsibility matrix will address the following key questions:
- As an MSP, how should I lay out my initial offering?
Make sure to define the roles and responsibilities for the services you plan to offer. Make sure to periodically revisit these roles and responsibilities when you implement additional platform capabilities, or when there are significant changes in your business that impact the way you need to manage the platform.
- What are the minimum requirements and related responsibilities for my core platform offerings?
The provided list of items should be covered or at least considered at a minimum
- What are the additional roles andresponsibilities to consider adding to my core platform offerings if I add SOC or Help Desk?
The core offering covers the day-to-day management and maintenance using the ConnectWise Automate® or ConnectWise Command™ RMM solutions. The NOC/Help Desk offering adds an external set of resources and skills to your organization that enables the execution of tasks related to tickets that are logged.
This chart is a starting point for driving MSP decisions for skills, services, and responsibilities, but it’s not a one-size-fits-all for every organization. Depending on your organization’s size and the extent that you are using ConnectWise offerings to augment your staff, responsibility might fall across multiple parties. As you grow and evolve your use of the platform, consider splitting out and further defining any combined roles to help drive focus and enable long-term scale.
Here is a non-exhaustive list of our recommended roles and responsibilities.
Data management (classification and retention)
Media disposal and destruction
Backup and restore
Authentication and authorization
Encryption key management
Security logging and monitoring
Business continuity and disaster recovery
Secure SDLC processes
Infrastructure Patching (Cloud)
Compliance: regulatory and legal
Secure configuration of instance
Employee vetting or screening
Escalation process definition
Contacts (Names, Email, Phones)
Incident Response process
Security Incident Response
Security Incident Management