MSSP Communication Plan
15 May 2020Communication Plan
Communication is the key when providing services to either the clients outside your organization or with in your organization to any department. One bad email or a missed email can change the trajectory of your relationship with your client.
Now the communication goals can be different and totally depends on the relationship and services being offered to the clients. One possibility could be the project updates that need to be relayed, another could be to inform about an incident and may be you need to send the periodic updates.
WHY
First thing to consider is what part of the communication plan because if you are not sure about the “Why” part then the rest of the plan will not work either or at least the objective of it would never be achieved. To define why part of the communication plan, we need to identify the “Value” we are adding in the client’s daily operations. How are we ensuring that our efforts have an impact on the business of the client. If we are sure about the value, then it is easy to define the metrics and other variables that should be reported to client. These variables and metrics should be very clear.
WHAT
Once the Why part is clear it is fairly straight forward to define what needs to be reported. The services that are being provided to the client should be mapped with the business value being added and metrics should be derived to quantify the efforts. Quantification is important to understand the progress, efficiency as it gives a very clear view on the status of services impact on the business value.
For example, if an MSSP is providing threat monitoring as a service to the client, the value being provided here is early identification of an incident and providing investigation insights into the events. With this basic value proposition, naturally the metrics should be number of alerts received, number of alerts investigation, number of alerts declared incidents and false positives etc.
Lastly, the audience will also impact the content of the communication. Is it intended for executive management, technical management or technical team? Executives wouldn’t be bothered about the number of investigations created however they would like to be aware of any impact on the business due to an incident. Technical teams would be more interested in understanding the technicalities of the alerts, scope of investigations etc.
WHO
An important point here is to consider who should be receiving the communication and who should be sending it. As an MSSP, you need to be extra careful about the out-bound communication since it represents you, your culture and professionalism. A senior resource in your team should be responsible for a careful review of any email out-bound who can provide necessary feedback and ensure that it is ready to be sent.
Secondly, you should have record of all the key stakeholders which is easily reachable by the resources responsible for communication. Their names, designations, contact numbers, emails etc and backup resources who should be contacted in case the main resource isn’t responding.
WHEN
The frequency of communication has to be decided with the client during initial consultations. It can be daily, weekly, bi-weekly or any other time period. The frequency will depend on the content of the report and the information it provides to the audience.
For example, if the client wants to know the number of alerts triggered each day, definitely this report will be sent daily. Another report would be to provide summary of incidents observed and their impact on business to be sent to executives each month.
There should be understanding between the client and service provider about the timings and who should be contacted at what time for any ad-hoc requests, incident reports. For example an IT administrator who is available between 9-5 might not be available for an incident escalation at 1:00 am, so the communication plan should also include the timings for particular resources.
In the next post we will create a basic communication plan.