When it comes to security compliance, MSPs want to keep it simple. If you work in the industry, you know how complex the pursuit of robust cybersecurity can be.
Between security tools and procedures, staff training, cyber liability insurance, and offering Compliance as a Service (CaaS), the information can easily become overwhelming for both the MSP internally and the MSP’s clients.
For Marc Umstead, President of Plus 1 Technology, simplifying compliance was a top priority. The Pennsylvania-based MSP, which Umstead founded in 2005, has been working to improve its CaaS offering with a desire for a hands-off, systemized process that is easy for new and existing staff to adopt.
Plus 1 Technology targets small to medium-sized businesses (SMB), often with five to 50 employees, so being lean and affordable is a top priority.
Umstead needed an answer to a simple question: How can they make compliance a systemized process that can be handed to staff?
Industry chatter had Umstead almost convinced that he’d need to spend a lot of money to have a senior staff member manage the compliance suite. As it turns out, there’s another way forward. With the right tools, the answer is simple.
For Umstead, the answer is ControlMap. By having a centralized and automated compliance platform, ControlMap has helped them create and sustain a repeatable process.
“Once one of those senior people gets to review the documents and create the process, then you’ve built something that you can hand off to somebody like an admin to complete it over and over again.”
At first, Plus 1 Technology’s compliance process was still partially manual. They began searching for a tool to simplify compliance and automate some processes.
When they added ControlMap to their toolset, Umstead saw the platform quickly impacting the process.
While other options they considered were too convoluted and expensive for the MSP and its clients, ControlMap was a fit operationally. Plus 1 Technology could address client compliance challenges through a single solution.
One of the features Umstead has begun using is ControlMap’s risk register. The risk register provides a centralized repository of risk and vulnerability data. This lets the MSP view and manage that data alongside scores for likelihood and impact on information systems.
Plus 1 Technology can assess the likelihood of threats and their impact on clients. They can update inherent and residual risk scores and create a mitigation plan for risks with security controls.
They had previously used an offline solution but can now manage the risks to their clients in a centralized platform that is always up to date. This has simplified their Compliance as a Service process and made it much faster as well.
They don’t need to spend time collecting information from several different places. All the relevant information is together and viewable in an accessible way. This is just one aspect of the platform that creates a centralized compliance hub.
“So those types of things make it easier for the clients to have that one place they can go and see all that information with all the documents and not have everything spread all over the place,” he said.
With these tools, Plus 1 Technology has been able to scale their CaaS and turn it into a systemized process that can be delegated to staff. With an improved process, the MSP’s team can provide an even better service for their clients while also meeting higher internal metrics.
Umstead’s plan to offer Compliance as a Service to customers started with a plan based on the business’s needs. They had to answer questions like where the price point needed to be, how simple the process was, and what functionality ControlMap needed to deliver.
“Because we primarily operate in the SMB space, the cost was obviously a factor. And the simplicity is probably the most important thing. You can’t hand something to people who know nothing about compliance that’s too complicated that they’re never going to be able to use,” he said.
They had to set it up so that understanding the compliance process was very simple, and clients were assigned exactly what they needed to do. Plus 1 Technology would complete everything they could for the clients while the clients themselves received clear instructions on their next steps.
Having a solution where they can say to clients, “We’ve answered these technology questions and procedures. Here’s the stuff you need to do,” has streamlined the process for the MSP and clients very successfully.
“We’ve had pretty great success doing it with people that are not technical at all. So that’s how you know it’s successful.”
Plus 1 Technology serves many businesses in the accounting industry. So when the new Federal Trade Commission (FTC) safeguards were implemented, they had to inform many of the accountants of the new changes.
Umstead said the new FTC safeguards weren’t communicated well in the industry, so many of their accounting clients didn’t know they had new compliance requirements.
“We had an industry-specific compliance solution that we’re able to offer at a reduced price because the process is very simplistic once you’re doing it for specific compliance for a specific industry. It’s much easier to systematize the entire thing.”
Umstead said that when developing a pricing strategy, MSPs need to consider the internal time commitment their work will demand. They should ask how long the process will take to complete and examine whether it can be scaled into a continuous and sustainable process.
Umstead added that other factors influence what the market will bear, depending on your market and the competitive landscape.
They looked at all those things and derived what they believed was a good price point for an initial run. They offered a slight discount for the existing client base so that they could use them to develop the process.
Umstead said that with the reduced rate initial push, they could develop the process by testing it with real people. A real test helped them understand where the problems in the processes are and where delays will happen.
“Because a lot of this stuff you could sit down and do in a day or two if every email you sent gets answered, everybody does what you asked them to do in a timely manner. But it’s just not reality, right?” Umstead said.
“Going through it a couple of times in real life and understanding what that lag time is, how long it typically takes people to review things, and getting employees to sign off on procedures and documents and all that kind of stuff. Gathering the evidence you need.”
Plus 1 Technology currently uses two pricing schemes, one for IT MSP clients and one for clients not receiving the managed IT service.
The process is much easier for clients who get IT MSP service because many of the technical questions can be answered more easily as they are already tracked in Plus 1 Technology’s platforms, such as ControlMap.
If a client already has an existing IT department, for example, that process can take longer, which necessitates a different pricing approach.
By reexamining its internal processes and upgrading its toolset, Plus 1 Technology has been able to improve its Compliance as a Service offering.
Those improvements have been seen both internally, through process revamps thanks to ControlMap, and externally, through more efficient workflows and pricing models.
They now offer a cost-effective solution that meets the needs of small to medium-sized businesses and produces better results.
By keeping things simple, affordable, and systematic, Plus 1 Technology has built a scalable compliance service that meets the market’s needs while maintaining high security standards.
Interested in developing your MSP’s compliance capabilities? Learn more about ControlMap’s cybersecurity and compliance features by watching our on-demand demo now.