AWS Managed Services Provider (MSP) Partner Program Validation Checklist Update – Version 4.2.1
Editor’s note: This is not the most recent version of the MSP checklist. See version 5 released in May 2022 >>
By Andy Reedy, Principal Partner Solutions Architect – AWS
At Amazon Web Services (AWS), we are extremely fortunate to have an exceptionally broad and talented community of Managed Service Provider (MSP) Partners.
To earn and maintain customer trust, these AWS Partners go through an extensive independent audit to ensure their business health and validate their technical capabilities meet a set of rigorous program requirements.
Our goal is that when a customer sees a partner has the AWS MSP designation, they know they are working with an elite partner that has a proven track record of delivering in all aspects of the AWS Cloud, including planning and design, building and migration, operations and support, as well as automation and optimization.
As customer needs grow and new capabilities emerge over time, we’re constantly evaluating and evolving what it means to be an AWS-designated MSP. We want to ensure we continue to raise the bar on what it takes to become and maintain the AWS MSP designation.
As such, we periodically publish updates to the Validation Checklist (VCL) which define the criteria and requirements for the AWS Managed Services Provider (MSP) Partner Program. We’re pleased to share the latest updates in version 4.2.1 of the VCL.
Checklist Updates Going Forward
To provide predictability in the update process and allow partners plenty of time for preparation, we are planning to publish two (2) checklist updates per year beginning in 2022.
- Major updates, such as 4.x, which contain new or significantly changed controls, will be announced and published in the first quarter of the calendar year and will become the officially recognized version within 90 days.
- Minor updates, such as 4.x.y, which contain clarifying language and minor changes to existing controls, will be published in Q3 of the calendar year and may be immediately used for audit. This minor version will become the officially recognized version within 90 days of being published.
Annual Performance-Based Renewal
The AWS MSP Program will still perform an annual Performance-Based Renewal process in the interim years of a Full Audit. AWS MSP Partners are expected to drive innovation and excellent customer experience, as well as grow and develop their practices.
The renewal process includes:
- Publicly promote your AWS MSP Practice to customers.
- Five (5) launched opportunities in the APN Customer Engagements (ACE) platform that include managed services in the 12 months immediately prior to the annual renewal.
- One (1) public reference that includes AWS MSP services, published in the 12 months immediately prior to the annual renewal.
- MSP Partner remains in good standing at the Advanced or Premier tier, including the requirement to attain customer satisfaction (CSAT) responses.
- MSP Partner complies with the AWS Partner Network (APN) Terms and Conditions.
To maintain a high quality and consistent customer experience, the AWS MSP Partner Program still requires a Full Audit of all MSP Partners every 36 months, based on the MSP Partner’s original (or most recent) Full Audit date.
What’s New or Different in Version 4.2.1?
The changes in the 4.2.1 Validation Checklist fall into the minor update category and primarily focus on small changes to existing controls, clarifying language and removing ambiguity based on feedback we’ve received from our MSP Partner community.
AWS Partners seeking the MSP Program designation for the first time will conduct a Pre-Assessment of where they stand against the requirements prior to a Full Audit. We recommend AWS Partners already in the MSP Program also perform Pre-Assessments prior to a Full Audit, but this is not required.
AWS Partners can also read our whitepaper on Putting the Customer First: Building a Next-Gen MSP Practice.
Below is a summary of all material changes between version 4.2 to 4.2.1 of the AWS MSP Validation Checklist. Be sure to download the VCL and check out the full details on each of these changes.
The following updates have been made to the Audit Process and Timing:
The time to respond to all action items and findings from a full audit has been increased from five (5) business days to 10 business days. This change allows partners additional time to remediate issues discovered as a part of the audit process.
The following updates have been made to Definitions section for Case Studies:
We have clarified that partners may only use one example case study per customer and that affiliate or internal customers will not be accepted. We have clarified that specific document formats are not required for partner-generated case studies. A link to an AWS Case Study Guide has been provided which includes examples and templates should partners choose to use them.
The following controls were updated with changes to the evaluation criteria or scoring:
- 9.6.1, 9.6.2, 9.6.3 – Changed evaluation criteria to no longer require evidence that solutions have been operational for six (6) months. This had the adverse effect of partners meeting all functional requirements but having to wait for the defined time period.
These controls will now evaluate (1) details of capability included on public product pages; (2) evidence of provisioning/automation code to deploy the solution in customer accounts; (3) evidence the solution is running in live customer accounts; and (4) evidence the solution is generating alerts which are integrated into a ticketing/ITMS system.
The following controls were updated to improve the clarity of their definition:
- 2.1 – Clarified that internal business reviews which assess financial health are acceptable for this control. Removed unnecessary language not specifically related to the requirements in this section.
- 4.1 – Clarified that the APN customer satisfaction (CSAT) mechanism is not acceptable evidence for this control as partners do not have full visibility to the feedback.
- 4.1.2 – Clarified that partners should define a low score threshold for CSAT. The previous definition was ambiguous as to what constitutes a low score or customer dissatisfaction.
- 5.1 – Clarified that design documents must be from three (3) independent and unrelated customers.
- 8.1.10 – Clarified root multi-factor authentication (MFA) is not required on accounts in which root is not defined, such as those created using AWS Organizations or AWS Control Tower.
- 8.1.11 – Changed social engineering testing to require only one (1) communication channel. Clarified that training should occur annually.
- 9.13.3 – Clarified that configuration management database must include an approval workflow or mechanism which alerts to configuration changes. Added requirement that evidence must include identification of recent changes.
When Do These Changes Take Effect?
AWS Partners entering the program, or AWS MSP Partners renewing their program status, will be required to meet version 4.2.1 requirements for all audits and renewals as of January 1, 2022.
For more info, please contact your Partner Development Rep (PDR), Partner Development Manager (PDM), or Partner Solutions Architect (PSA). You can also find information here: