Compliance / FERPA/COPPA
The two federal frameworks that govern student data and children's online privacy — directly relevant if any client you serve is a school, district, or ed-tech vendor.
This is the framework we track the most deliberately, because it's not hypothetical for us — Nexus runs the MSP practice we dogfood the platform on, and part of that practice serves K-12 school clients directly, where FERPA (student education records) and COPPA (children under 13 online) aren't abstract compliance line items, they're the actual data our own team is responsible for every day.
This describes what the module tracks against FERPA/COPPA — not a claim that Nexus or any client on it is certified or audited against it. See the compliance & QBR module for the full picture, or read the blog for more on how we think about compliance tooling.
The audit framework a lot of your clients' own customers require them to answer for — and that requirement flows straight down to you as their MSP.
A widely-adopted, vendor-neutral structure for cybersecurity posture — Identify, Protect, Detect, Respond, Recover — that shows up in RFPs, cyber-insurance questionnaires, and board conversations alike.
If any client handles protected health information, HIPAA's Security Rule reaches your MSP the moment you touch their systems — business associate agreement or not.
Join the design-partner cohort and we'll walk through the control mapping for your own clients.