The ConnectWise Security Responsibility Matrix
This page discusses in general terms the types of roles and responsibilities that exist in a managed service provider (MSP) and/or a managed security service provider (MSSP) environment and does not provide legal advice. It is meant to be educational and illustrative and not prescriptive. We encourage you to consult your own legal counsel to familiarize yourself with the requirements that govern your situation.
You need the right mix of services and skills on your team and the right buy-in and support from your customers to realize maximum value from ConnectWise. A proper focus on laying out your business objectives will enable you to establish, maintain, and extend ConnectWise products and services as a strategic platform for your organization.
This responsibility matrix will address the following key questions:
- As an MSP, how should I lay out my initial offering?
Make sure to define the roles and responsibilities for the services you plan to offer. Make sure to periodically revisit these roles and responsibilities when you implement additional platform capabilities, or when there are significant changes in your business that impact the way you need to manage the platform. - What are the minimum requirements and related responsibilities for my core platform offerings?
The provided list of items should be covered or at least considered at a minimum - What are the additional roles and responsibilities to consider adding to my core platform offerings if I add NOC or Help Desk?
The core offering covers the day-to-day management and maintenance using the ConnectWise RMM, ConnectWise Automate®, or ConnectWise Command™ RMM solutions. The NOC/Help Desk offering adds an external set of resources and skills to your organization that enables the execution of tasks related to tickets that are logged. NOC and Help Desk services are not available to ConnectWise Automate users at this time.
The core offering covers the day-to-day management and maintenance using the ConnectWise Automate®, ConnectWise RMM, or ConnectWise Command™ RMM solutions. The NOC/Help Desk offering adds an external set of resources and skills to your organization that enables the execution of tasks related to tickets that are logged.
Here is a non-exhaustive list of our recommended roles and responsibilities.
Core Products
Responsibility
Customer
Partner
ConnectWise
Cloud/Colocation Provider
Asset Definition
Data management (classification and retention)
Media disposal and destruction
Backup and restore
User Provisioning
Authentication and authorization
MFA/SSO
Data encryption
Encryption key management
Security logging and monitoring
Vulnerability management
Business continuity and disaster recovery
Secure SDLC processes
Penetration testing
Privacy
Asset Patching
Infrastructure Patching (Cloud)
Compliance: regulatory and legal
Infrastructure management
Security management
Secure configuration of instance
Employee vetting or screening
Environment controls
Physical security
Help Desk/NOC
Responsibility
Customer
Partner
ConnectWise
Cloud/Colocation Provider
SLA Definition
Contact Details
Escalation process definition
Application catalog
Application Access
Account Setup
Malware Remediation
Device Access
Device Backup
Audit Logging
Contacts (Names, Email, Phones)
SOC
Responsibility
Customer
Partner
ConnectWise
Cloud/Colocation Provider
Incident Response process
Service Integration
Alert Triage
Containment
Remediation
Forensics
Breach Notification
External Communication
Security Incident Response
Security Incident Management