Compliance / HIPAA
If any client handles protected health information, HIPAA's Security Rule reaches your MSP the moment you touch their systems — business associate agreement or not.
A dental office, a therapy practice, a small clinic — healthcare clients this size are common MSP business, and HIPAA doesn't have a small-practice exemption for the technical safeguards a vendor with system access is expected to support: access controls, audit logging, encryption in transit and at rest.
This describes what the module tracks against HIPAA — not a claim that Nexus or any client on it is certified or audited against it. See the compliance & QBR module for the full picture, or read the blog for more on how we think about compliance tooling.
The audit framework a lot of your clients' own customers require them to answer for — and that requirement flows straight down to you as their MSP.
A widely-adopted, vendor-neutral structure for cybersecurity posture — Identify, Protect, Detect, Respond, Recover — that shows up in RFPs, cyber-insurance questionnaires, and board conversations alike.
Any client that takes card payments — a retail shop, a restaurant, a small e-commerce operation — answers to PCI-DSS, and their network security posture is frequently the MSP's responsibility to maintain.
Join the design-partner cohort and we'll walk through the control mapping for your own clients.