MSP Verify “gold standard” updated to reflect closer alignment to CMMC (NIST 800-171) and ISO 27001 controls (Press Update)

The International Association of Cloud & Managed Service Providers (MSPAlliance®) announced the newest release of its Unified Certification Standard (UCS) for Cloud & Managed Service Providers. UCS v.21 adds more detail around existing Cybersecurity coverage within the standard, including further mapping to frameworks such as CMMC and ISO 27001.

The UCS was created in 2004 and is the only purpose-built MSP standard developed by MSPs. The UCS undergoes regular reviews to maintain its relevance within the professional managed services community. Comprised of 10 objectives, the UCS provides a comprehensive evaluation of and benchmark for practicing managed service providers.

UCS v.21 represents a significant enhancement of our standard,” said Charles Weaver, co-founder of MSPAlliance. “As our global community of MSPs must increasingly comply with frameworks such as CMMC and ISO 27001, this update to the UCS allows those providers going through the MSP Verify process to more easily identify and onboard the controls necessary to demonstrate such compliance.”

The UCS currently covers ten objectives or topical areas relevant to practicing MSPs:
UCS Objective 1 - Governance
UCS Objective 2 - Policies & Procedures
UCS Objective 3 - Confidentiality, Privacy and Service Transparency
UCS Objective 4 - Change Management
UCS Objective 5 - Service Operations Management
UCS Objective 6 - Information Security
UCS Objective 7 - Data and Device Management
UCS Objective 8 - Physical Security
UCS Objective 9 - Billing and Reporting
UCS Objective 10 - Corporate Health

MSP Verify Certification Offerings

MSPAlliance currently offers the following certifications:

  • MSP Verify - for providers of managed IT services
  • Cloud Verify - for providers of cloud-based applications, including Software as a Service and cloud-based infrastructure
  • SOC 1 Type 1 & Type 2 - can be added to any MSP or Cloud Verify project
  • SOC 2 Type 1 & Type 2 - can be added to any MSP or Cloud Verify project
  • Data Center Verify - for providers of data center services
  • Business Continuity Verify - an independent verification of MSP business continuity operations
  • GDPR Verify - for service providers wanting to demonstrate compliance with GDPR
  • ISO 27001

All MSPAlliance certifications include consultative gap analysis, remediation assistance, and an independent auditor review with a signed, comprehensive audit report. Further, providers who participate in the certification process can participate in peer-group-style meetings with other MSP Verify companies.

Less than 3% of the MSPs worldwide possess an MSP Verify (or equivalent) certification or audit. Those MSPs with the MSP Verify service both SMB, mid-market, and enterprise clients, including organizations across many vertical markets, including financial services, banking, healthcare, education, legal, government, and more.


Featuring 210+ international expert speakers across 70+ sessions, PrivSec Global June will cover the most pressing and challenging topics in data protection, privacy and security. View the agenda and register free here:

If you have any information you would like to share with GRC World Forums, get in touch with us at