Today was a pivotal day in the history of the service provider channel. The inaugural meeting of the National Society of IT Service Providers (NSITSP) was held to bring the MSP community together and begin the regulation discussion that will help shape the channel for years to come. As Karl Palachuk, a long-time MSP author, advocate, consultant, and founder of NSITSP, stated at the beginning of the call to the 115+ MSPs in attendance, “Legislation is happening already and this issue involves politicians, insurance companies, MSPs, and their clients. Right now, MSPs do not have a seat at the table.”
Louisiana has already passed a law regulating MSPs. The Louisiana Act 117 – Senate Bill 273 went into effect on February 1, 2021, requiring MSPs that manage infrastructure and end-user systems for ‘public bodies’ to register with the state. Here are the key points of the bill:
- MSPs must register with the Secretary of State of Louisiana
- MSPs are now required to report any ransomware payments and other cyberattacks
- MSPs must offer public access to information such as, but not limited to, records of cyber incidents
At the moment, Louisiana is the only US state to enact such regulations, however, the federal government and many other states are considering taking the same steps, which is why the NSITSP was formed. According to Palachuk, “Legislation and regulation are coming to our industry – fast. You no longer get to ignore this issue or put your head in the sand and pretend it's not happening. It's happening. Now you can choose to get involved and influence your future, or simply do nothing and let the legislators and bureaucrats decide your future.”
Palachuk’s formation of the NSITSP provides a centralized forum to regularly share information, discuss issues, and influence state and federal legislation.
Today, every state in the US has data protection laws. With MSPs in the crosshairs of cybercriminals, it is critical that we organize and join the conversations that are already taking place about MSPs, what defines them, how they should be regulated, and what the consequences are for not complying.
Thanks to Karl’s leadership, we are coming together as an organized group ready to take our seat at the table and help define legislation and regulation within the IT channel.