In a managed service model, who is responsible and accountable for data?

7th November 2022


Font size: - +

This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.

By Iniel Dreyer, MD at DMP South Africa

Compliance is part and parcel of data management, but when it comes to outsourcing this function to a Managed Service Provider (MSP), there is often debate around who is responsible for the data should something happen. However, whether the agreement places this responsibility on the MSP or the client, the question nobody asks is who is accountable. While responsibility may be shared or may fall with one party or the other depending on contractual arrangements, the accountability for data always remains with the business that is generating it, and this changes the entire picture. 

Responsibility versus accountability

Simply put, responsibility can be defined as a duty to carry out a task. In this case, when data management is outsourced to an MSP, the responsibility for the MSP is to fulfil the task that they are contracted to do – managing data in line with compliance requirements. This does not absolve a business of responsibility for their own data, however, as they have a duty to ensure that they have processes in place and follow these processes to ensure their data can be managed in a compliant manner. 

On the other hand, accountability speaks to the consequences of action, for example, who is going to pay the fine should there be a breach of compliance legislation. The answer is that this always falls to the business. No matter who is responsible for managing data, the data belongs to the business, and they will be the ones held to account if something goes wrong. 

IT is not the solution

When it comes to ensuring compliance, since accountability always lies with the business, it is essential to ensure that the MSP is compliant before outsourcing any data management functions. However, before this can be done, it is essential to establish what exactly it is that needs to be complied with, which is often the most difficult question, with a myriad of regulations and legislation being applicable depending on the sector and regions the business operates in. There are two pillars to consider when engaging with an MSP in regards responsibility for data management, one being the data availability and recovery, and the second, the retention of data, however the requirements for compliance, and ultimately accountability, in each will depend on the individual business. 

This means that before your data can be deemed compliant, you need to understand what that means for your business and have a framework in place that outlines this. Working with the MSP to achieve this is essential, but at the end of the day, compliance needs to be driven by the business. Technology can be a highly effective enabler of compliance, but compliance is not an IT problem, and you cannot outsource a compliance function without the understanding of what the requirements look like for your business. 

Data considerations

Data insight is a crucial area of compliance because not all data is created equal and therefore not all data requires the same level of protection. Understanding what types of data you have and how to treat it remains one of the biggest challenges for compliance. It becomes incredibly complex, which is why responsibility has become a grey area around outsourcing and managed services. The service provider is responsible for delivering services in a compliant and responsible manner. However, should there be a data leak or a breach, no matter where the responsibility lies, the business will suffer the consequences and is therefore always accountable. 

When it comes to compliance, there is no singular approach that will work for every business, and no off-the-shelf solution that can be implemented to solve compliance challenges. Working with an MSP, however, can help businesses to better understand their data needs and embark on the journey toward compliance. It is essential to ensure that service providers are compliant, responsible and can support you, with the understanding that business, being the accountable party for data and compliance, should always be the driver of compliance, while IT functions as the enabler.

Edited by Creamer Media Reporter



VEGA Controls SA (Pty) Ltd
VEGA Controls SA (Pty) Ltd

For over 60 years, VEGA has provided industry-leading products for the measurement of level, density, weight and pressure. As the inventor of the...

SBS Tanks
SBS Tanks

SBS® Tanks is a leading provider of innovative water security solutions with offices in Southern Africa, East and West Africa, the USA and an...


Latest Multimedia

sponsored by

Photo of Martin Creamer
On-The-Air (01/12/2023)
1st December 2023
Magazine round up | 01 December 2023
Magazine round up | 01 December 2023
1st December 2023

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?







sq:0.263 0.313s - 160pq - 2rq
Subscribe Now