We could build a Security Operations Centre. We’ve chosen not to. Here’s why structural independence between your MSP and your SOC protects your business better than the alternative, and why “we own everything end-to-end” is starting to look less like a strength and more like a conflict of interest.
Most organisations do not ignore DSPT. It sits on the list, gets discussed, and there is usually a broad expectation that it will get done.
Then June arrives and the tone changes.
Questions start surfacing that no one can answer quickly. Where is the training evidence? Who last reviewed access permissions? Has anyone checked whether your suppliers meet the required standard?
At that point, the issue is whether the organisation can stand behind what it believes is in place. That gap between belief and proof is where pressure builds and where risk sits.