Why Cisco Partners Should Automate CMSP Compliance

Cisco’s Cloud and Managed Services Program (CMSP) is a coveted designation for Cisco Partners. It gives the Partner the right to display “Powered by Cisco” for their Networking, Collaboration, Datacenter and Security cloud solutions and services. Once certified for CMSP, the Partner derives many benefits like Designation and Branding (e.g. Powered by Cisco), Financial Rewards and GTM support. However, to retain the CMSP certification the Partner has to undergo an annual audit to stay compliant with the program’s stringent requirements.  And every year, they spend at least 8 weeks going through the audit cycle.

The audit process is manual, painful and time consuming. The partner has to dedicate staff for the audit preparation, they spend weeks scraping information from disparate sources. Then they correlate the information with the CMSP requirements and then prepare reports to serve as evidence for the auditors. See figure below:

Now, imagine repeating the manual audit preparation for other regulatory standards like – SOC I, SOC II, NIST 800-xxx, PCI, HIPAA, GDPR etc. Further, many Partners have to comply with their own custom or corporate compliances in addition to the industry regulations. Suddenly, the Partner is confronted with half a dozen to a dozen regulatory standards to comply with on an annual basis!!

It is obvious that the additive cost of manual compliance is high. Even if the Partner manages to perfect the art of manual audits, it still leaves them exposed to risks. Recognize that audits are temporal in nature, the Partner has no visibility to compliance violations during the intervening period. By the time they discover violations, it’s too late. Most end up paying fines or lose accreditations and are consequently staking their reputation. This is the Partner’s dilemma – manual compliance has high cost and low value but the alternative is worse.

The only way to save time, money, protect reputation and mitigate risk is to automate compliance. The benefits of compliance automation go beyond addressing audits, see the Benefits section below.

In the next section, we will show you how Assertion’s Compliance Studio platform with its Bot technology can automate a standard or corporate compliance

Solution

The Assertion Compliance Studio platform automates industry compliance. It automates people, process and technology through continuous compliance. It proactively flags compliance violations and alerts personnel via email or SMS. Assertion renders the annual audit to be an incidental exercise, simply push a button to generate the latest audit reports that are encrypted, tamper proof and secure. No more data scraping for audit preparation.

Assertions’ Compliance Bot architecture enables the Partner to support multiple compliances (e.g. CMSP, NIST 800-xxx etc.) on the same platform. A compliance Bot is an implementation of controls defined in the authority documents (e.g. CMSP etc.). There is one-to-one relationship between a  Compliance Bot and a regulation, e.g. CMSP Bot, CB Bot, NIST 800-125 Bot etc. See figure below:

 

For example, the CMSP Compliance Bot implements 200 odd controls as defined in the CMSP authority document.  When deployed, it runs continuously on a preset schedule.  Likewise, the Cisco Cloud Builder (CB) Compliance Bot, which is another Cisco regulation,  implements 100 odd controls. The Partner could start off with the CMSP and CB Compliance Bots and over time add more Bots to satisfy business needs.

The CMSP, CB are living documents. Whenever Cisco makes changes to these requirements, the ripple effects are felt by the Partner and other downstream stakeholders. It is the Partner’s responsibility to implement the changes and redeploy. With Assertion, the Partner does not have to worry about changes and updates. Assertion monitors for requirement changes, implements them and pushes software updates to the Partner. All the Partner has to do is update their Compliance Bot with the new software and they are back in business. For Cisco, to be able to push new requirements adds tremendous flexibility and agility to their programs. It makes the CMSP and other certifications that much more effective.

Benefits of Automating CMSP Compliance

As a Partner, you benefit from:

  • Save time, cost, and resources
  • Continuous compliance
  • Proactively address non-compliance
  • On-demand tamper-proof audit reports
  • Upsell continuous compliance to customers.
  • Faster Response to RFPs
  • Display continuous compliance designation
  • Competitive edge or differentiator.
  • Reduce audit costs.

As Cisco, you benefit from:

  • Agile Requirements/Controls Updates
  • Continuous visibility to partner compliance
  • Instant notification of Infractions
  • Ensure partners consistently maintains high compliance standards

As an Auditor, you benefit from:

  • Shortened audit cycle
  • Spends days not weeks auditing
  • Accurate and current audit data.
  • Organized audit reports

As a Customer, you benefit from:

  • Confident that the service provider is proactively staying compliant.

Conclusion

Up until now, manual compliance was all about audits, audit reports and auditors. It was an annual ritual that organizations went through. Now with Assertion’s compliance automation platform, Cisco Partners can proactively monitor for Cisco and industry regulatory compliance, reduce their risk, save time and money. Assertion renders audits and auditors a byproduct of compliance automation.