A Shared Responsibility Matrix (SRM) is as critical as a Master Services Agreement to limiting your liability and properly setting client expectations. It’s especially important when your clients have to meet compliance requirements. CMMC Level 2 now requires MSPs to provide their Customer Responsibility Matrix (CRM) – the Department of Defense likes making up its own names – to their clients as a requirement to get their certification assessment scheduled. So why is it missing from so many MSP agreements? Compliance expert and CMMC Certified Assessor Mike Semel will explain what an SRM/CRM should include, why it should be used with every client, and its special importance with CMMC.
Speaker: Mike Semel, President/Chief Compliance Officer – Semel Consulting
Mike Semel is recognized as a thought leader in the IT, compliance, and business continuity industries. He is the President and Complianceologist at Semel Consulting, focused on regulatory cybersecurity compliance and Business Continuity planning. Mike is a CMMC Certified Assessor (CCA), CMMC Certified Professional (CCP), CMMC Registered Practitioner (RP), ISC2 Certified Governance Risk Compliance (CGRC), Certified Security Compliance Specialist, Disaster Recovery Institute Certified Business Continuity Professional & Certified Cyber Resilience Professional, Certified HIPAA Security Professional, and Certified Health IT Specialist. He has owned or managed MSP companies for over 30 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company. Mike is the only expert who consulted with CompTIA on the original Security Trustmark (2008), the Security Trustmark Plus (2014), and the Cybersecurity Trustmark (2023). He is the best-selling author of How to Avoid HIPAA Headaches.