AWS Partner Network (APN) Blog
Seven Steps to Successfully Prepare For Your AWS MSP Audit
Since the launch of the official AWS Managed Service Program in 2014, more than 50 APN Partners across the world have successfully completed the third-party validation audit established by the MSP team. More and more firms are looking for guidance on what it takes to pass the audit, and become an AWS MSP.
Along with the MSP Validation Checklist we’ve made available on the APN Portal, we want to share some tips and tricks to successfully prepare for (and pass!) your audit from the third-party auditing firm, ISSI. “ISSI is primarily a consulting company, focused on building streamlined, effective management systems that allow our customers to achieve compliance with industry and customer specifications,” says Burjor Mehta, ISSI CEO. “AWS engaged ISSI’s worldwide team to conduct the (AWS) Managed Service Program partner audits because of our dedication to a collaborative, consultative approach; our goal is to ensure not only that APN Partners meet the high standards set by AWS for next generation MSPs but also to encourage APN Partners to look for ongoing opportunities for improvement and alignment with AWS best practices. We’re excited to be part of the transformation of the managed service provider industry as defined by the AWS MSP program!”
Without further ado, let’s jump into the seven steps for successful preparation, courtesy of ISSI.
Step One: Prepare
We have seen overwhelmingly that APN Partners who spend more time planning and preparing for the audit have a better experience and a more positive outcome.
- Carefully review the current AWS Managed Service Program Partner Validation Checklist; use the validation checklist to complete the Self-Assessment as a gap analysis of your current compliance compared to the actual program requirements
- Focus on the items that have scores that are more heavily weighted (i.e, +0, -200)
- Highlight any controls in the Checklist that are unclear, or controls that you’re concerned about your ability to provide evidence
- If compliance gaps are significant or if you are early in the development and implementation of your Managed Service practice, consider engaging a consultant to better prepare you for the audit
- After you’ve verified that you can satisfy the highest weighted requirements and a majority of the remaining items, submit your AWS MSP application through the APN Portal
Step Two: Organize and Assign
A common misconception is that one person in the organization must be able to provide all of the answers during the audit; don’t hesitate to identify and engage your internal subject matter experts to collaborate on audit preparation.
- Note which checklist items belong to which groups within your business, and assign to the appropriate stakeholders
- Establish a working timeline, and set deadlines and meetings with key people to address evidence and progress – lean on your Project Management Officer (PMO), if possible, for support
- Get buy-in from management to assist with the delegation of relevant tasks to the appropriate teams
- Create a central repository for audit documents, information, and completed evidence (using Amazon WorkDocs or Amazon Simple Storage Service (Amazon S3) can help!)
- Analyze areas of immaturity, and establish timelines to implement short-term and long-term improvements
Step Three: Adopt
Be sure to consider the scalability and repeatability of any new tools or processes that are adopted in order to meet the Checklist requirements. We will be looking for real-time evidence that tools and processes are being effectively implemented.
- Identify tools or processes that must be implemented prior to audit to obtain the full checklist points
- Create a timeline for implementation of new tools or processes
- Prepare documentation for any tools or processes that are on your long-term roadmap, but may not be fully mature prior to the audit
- Implement only those tools or processes that improve your business, and that are scalable as you grow – don’t implement changes to “check the box” for the audit
Step Four: Review/Refine
A common best practice is to link documentary evidence directly to the Checklist sections, so it is easily referenced and accessible when requested by the auditor. While the audit itself will be fluid, being able to quickly reference documents that provide validation of compliance will ensure a better overall audit experience.
- Review evidence to ensure it’s consistent with requirements, and is ready for presentation to an auditor; review and update your completed Self-Assessment to identify where gaps may remain
- Assess weaknesses in prepared evidence and refine as necessary
- Review presentation for ease of use – ensure there are links to evidence, demonstrations, and screenshots in a single, easily accessible document
- Ensure the presentation is organized, and follows progression of the audit checklist with any changes to the order identified (i.e., to ensure appropriate personnel can be present for their portion of the audit)
- Simple is better! Organize evidence so that presenters have documents and demonstrations available at their fingertips
- Remember, the best evidence will always be based in customer examples: hypothetical scenarios or process documents that haven’t been tested will not meet the audit criteria in most cases
Step Five: Practice
Many APN Partners conduct “dry runs” of the audit day, to ensure that documents and tools are readily accessible and that all presenters are prepared. This will also catch any potential technological issues (e.g., databases not accessible from the presenter’s system, etc.) that could slow the progress of the audit.
- Practice in sections with responsible parties and practice the full audit at least once with all the required attendees
- Present your Customer Capabilities Demonstration to others to gauge effectiveness of your sales pitch
- Ensure that any new processes or tools have been used and are functioning properly; address any concerns or issues at this time and update any documentation as necessary
- Ensure that the appropriate personnel are prepared to address any areas of concern
- Consider scheduling a pre-assessment with the audit firm to ensure an objective dry run and to help shore up the evidence ahead of the actual audit; this should be completed at least 2-3 weeks prior to the audit date, in order to allow time to implement recommendations for closing any remaining gaps
Step Six: Present
Don’t forget that we are looking to validate compliance. Showcase your strengths relative to your AWS Managed Service practice, and be open and honest about areas where you are still looking to grow and improve. We will in turn share best practices and recommendations for improvement that can be integrated into your current roadmap.
- On the day of the audit, present your evidence to the auditor as if you are selling to a prospective client
- Emphasize the positives that your business brings to AWS customers in a competitive marketplace
- Use language from the Checklist when discussing evidence to avoid any misunderstandings
- Focus on company strengths, accomplishments, and service differentiators
- The auditor’s role is to assist in your success by thoughtful review and validation of your processes and systems; auditors are trained to take a consultative approach and to ensure a positive experience
Step Seven: Relax!
Congratulations. Completing the audit process is a significant accomplishment. The shared goal of AWS and ISSI is to identify and acknowledge APN Partners who are providing end-to-end, next-generation managed services for AWS customers. Your success is our success!
- You will have an opportunity to close any identified gaps after the conclusion of the audit and before a detailed final report is submitted to AWS for review
- Your company will emerge from the process well positioned for growth and success; be sure to put your APN status and AWS MSP Certification to good use by developing a marketing plan that builds on the momentum of your successful audit
Want to learn more? Download the AWS MSP Getting Started Guide on the APN Portal.