What Should Organisations Expect From Their MSP?

by | Jun 9, 2026 | Industry News

Who Are You Trusting With Your Technology?

Trust has always been built on evidence.

Policies, procedures, certifications, and technical controls all have an important role to play, but their value ultimately depends on whether they are implemented consistently, reviewed regularly, and capable of standing up to independent scrutiny.

As organisations place increasing reliance on their technology partners, expectations around resilience, governance, and accountability continue to rise. Customers are asking more detailed questions about how services are operated, how risks are managed, and how effectiveness can be demonstrated over time.

Those are reasonable questions.

At TET, we’ve spent over 40 years supporting customers across the UK. Throughout that time, we’ve worked alongside many of the industry’s leading technology vendors whilst maintaining a vendor-agnostic approach. Because ultimately, our responsibility has always been to recommend the right solution for our customers, not simply promote a particular product or vendor.

We believe trust should be supported by evidence.

That is one of the reasons we have chosen to begin the Assurix assessment process.

 

 

Understanding What Assurix Is

Assurix is an independent assessment framework developed specifically for Managed Service Providers.

Aligned to CAF 4.0 principles, it evaluates both cybersecurity and operational maturity, recognising that effective service delivery depends on the interaction between the two.

Rather than providing a point-in-time certification outcome, the framework focuses on ongoing assessment, continual improvement, and demonstrable operational effectiveness.

Areas assessed include:

  • Security governance
  • Operational controls
  • Risk management
  • Service maturity
  • Evidence-based validation
  • Continuous improvement

At its core, Assurix is designed to answer a simple question:

Can an organisation demonstrate that its controls, processes, and governance arrangements are operating as intended?

“Independent assessment shouldn’t be something organisations fear. It should be something they welcome. Benchmarking ourselves against recognised frameworks helps us continually strengthen how we operate and ultimately provide greater confidence to our customers.”

Martin Bance, Operations Director

 

 

Why Expectations of MSPs Are Changing

The proposed UK Cyber Security and Resilience Bill highlights a broader trend that has been developing for some time.

Organisations are increasingly expected to understand, manage, and evidence risk across their entire supply chain, not solely within their own environments.

For Managed Service Providers, this reflects a growing emphasis on operational resilience, governance, accountability, and the ability to demonstrate effective risk management through evidence.

In practical terms, MSPs are becoming an integral part of their clients’ wider risk and compliance landscape.

That places greater importance on providers being able to demonstrate not only capability, but consistency.

We see this as a positive development for the industry.

As expectations continue to evolve, organisations should have confidence that the partners they rely on are willing to benchmark themselves, embrace independent challenge, and continually improve the way they operate.

 

 

Why We’re Beginning This Journey

Our decision to undertake the Assurix assessment is not driven by the pursuit of another certification.

It is driven by a commitment to continuous improvement and a belief that independent assessment provides valuable insight into how effectively an organisation operates.

The process allows us to:

  • Benchmark our operations against a recognised framework
  • Strengthen governance and accountability
  • Review the effectiveness of existing controls
  • Identify opportunities for improvement
  • Validate operational consistency
  • Prepare for evolving client and regulatory expectations

Most importantly, it provides an objective assessment of how our processes perform in practice, rather than how they are intended to perform.

For us, this is not about collecting another badge.

It is about welcoming independent challenge, measuring ourselves against recognised frameworks, and ensuring we continue to strengthen how we deliver services to our customers.

“After working with many of the industry’s leading vendors over the years, our focus has never changed. Technology matters, but outcomes matter more.”

Martin Bance, Operations Director

 

 

Security Problems Are Often Operational Problems

One of the biggest mistakes I see in our industry is assuming that better security outcomes come from buying more security tools.

Tools are important. They provide visibility, protection, detection, and control. But tools alone rarely determine whether an organisation is resilient.

The reality is that most security failures don’t happen because a tool was missing.

They happen because processes were inconsistent. Ownership wasn’t clear. Controls existed but weren’t being validated. Risks were identified but not tracked through to resolution. Governance was assumed rather than actively managed.

In other words, they’re often operational maturity problems disguised as security problems.

That’s why I believe resilience is built as much through governance, accountability, and consistency as it is through technology. You can invest heavily in security tooling, but if the underlying operating model isn’t mature, the outcomes will always be inconsistent.

This is one of the reasons frameworks like Assurix are valuable. They look beyond the technology stack and focus on how an organisation actually operates in practice.

Not what is written in a policy.

Not what is described in a service catalogue.

What can be evidenced.

How decisions are made.

How risks are managed.

How controls are validated.

How accountability is maintained.

Because that’s where resilience is truly tested.

And ultimately, that’s where it is either proven or exposed.

“Most security failures don’t happen because a tool was missing. They’re often operational maturity problems disguised as security problems.”

Lewis Shoulders, Managed Services Development & Presales Specialist

 

 

What Happens Next

The Assurix assessment is designed to be a structured and evidence-based process, providing an independent view of how effectively our governance, operational controls, and security practices function in reality.

Over the coming months, we will be working through a detailed assessment programme that includes:

  • Gathering and reviewing evidence across governance, operational, and security domains
  • Validating how controls are implemented and maintained in practice
  • Reviewing risk management processes, ownership, and accountability
  • Assessing operational maturity, consistency, and resilience
  • Identifying opportunities for improvement and prioritising corrective actions where appropriate

Importantly, this is not a point-in-time exercise.

One of the strengths of the Assurix framework is its focus on continual improvement. Effective governance and resilience are not achieved through a single assessment; they are developed through regular review, objective challenge, and ongoing refinement.

The assessment process will help us better understand where we are today, where improvements can be made, and how we continue to strengthen the services and assurance we provide to our clients.

As the programme progresses, we will share appropriate updates and insights into what we are learning and how those findings are helping to shape our ongoing improvement journey.

 

 

What This Means for Our Clients

For me, this comes down to something quite simple:

Trust should be supported by evidence.

As clients place more responsibility on their MSPs to secure, manage, and support critical services, they deserve more than high-level assurances that everything is under control.

They should be able to understand how decisions are made, how risks are managed, and what measures are in place to maintain resilience over time.

That means being able to answer questions such as:

  • How is my environment governed?
  • How is risk identified, assessed, and managed?
  • What evidence exists that controls are operating effectively?
  • Where are the gaps, and what is being done to address them?

These are no longer niche questions reserved for audits or compliance exercises.

They are becoming fundamental to how organisations assess trust in their technology partners.

As expectations continue to evolve, transparency and accountability will become increasingly important.

That is why we see independent assessment as more than a certification exercise.

It is a way of moving conversations from assumptions to evidence, from assurances to accountability, and from subjective opinion to measurable outcomes.

Ultimately, our clients should have confidence not just in the services we deliver, but in our ability to demonstrate how those services are governed, secured, and continuously improved.

“Trust should be supported by evidence. Customers deserve to understand not only what services are being delivered, but how those services are governed, measured, and continually improved.”

Lewis Shoulders, Managed Services Development & Presales Specialist

 

 

Our Commitment

Cybersecurity, operational resilience, and effective governance are not destinations that can be reached and considered complete.

They require continual review, regular validation, and a willingness to challenge existing assumptions and practices.

Our decision to undertake the Assurix assessment reflects a principle that underpins all effective management systems: organisations should be able to demonstrate that their controls, processes, and governance arrangements are operating as intended.

For us, that means:

  • Being able to evidence how we manage and deliver our services
  • Measuring ourselves against recognised external standards and frameworks
  • Identifying opportunities for improvement through independent assessment
  • Maintaining a culture of continual improvement and accountability

Independent assessment provides valuable assurance, not only by validating areas of strength, but by highlighting where further improvements can be made.

Ultimately, the objective is straightforward:

To continually strengthen how we operate, improve the consistency of our service delivery, and provide our clients with confidence that governance, security, and resilience remain embedded within our organisation as expectations continue to evolve.

 

 

Raising the Standard

The MSP industry doesn’t need more promises.

It needs more proof.

Customers want evidence.

Boards want assurance.

And frankly, they should.

That’s why we’re investing in an independent assessment.

Not because somebody has told us we have to.

Because we believe trust is earned through transparency.

And because if we’re asking clients to trust us with their environments, we should be prepared to demonstrate exactly how we operate them.

The standard is rising.

It should.

We’re choosing to rise with it.

INTEGRATE AND CONNECT

Download our eBook and learn valuable tips, tricks, and insights on how build a standardised data architecture

You have Successfully Subscribed!


By downloading our eBook you have agreed to our terms and conditions.