Last month, Robin Robins predicted that if you don’t add this one service, you will be out of business within the next three years.
Shockingly, less than 10% off MSPs currently offer this service…
Yet there are many reasons to add this service to your menu of offerings.
To start with, approximately 78% of small and medium sized businesses (SMBs) expect to invest in this service in 2020.
Offering this service gives you Monthly Recurring Revenue (MRR) because it’s an ongoing service, not a one and done.
This service can also be an excellent strategy for attracting new clients… and retaining your existing ones.
Plus, it’s a good way to differentiate yourself from other MSPs.
But the biggest reason to offer this service is because of how critical this issue is to your clients. And it’s an issue that will NOT go away.
What service am I referring to?
Compliance-as-a-Service (CaaS).
The single biggest driver for cybersecurity and robust IT services sales is government regulations. Medical practices, manufacturers, and other companies that host sensitive data are required by law to invest in compliance. If they don’t, they risk enormous fines and penalties. But the consequences for companies can be even more severe.
Leia Shilobod, Co-Founder of InTech Solutions, Inc. has created an entire system to help her manufacturer clients with compliance. Leia developed this program before the government required formal certification. Because of her foresight, she’s been able to continually improve her system and create a truly unique selling proposition that makes her highly attractive to her target audience. Her system completely prepares clients by walking them step-by-step through the formal certification process to ensure they are ready to meet the mandatory DFARS/NIST 800-171 compliance requirements for the Cybersecurity Maturity Model Certification (CMMC). Serious business, especially now that the government requires it, Leia explained just how critical this is for her clients. “If you fail certification, they give you 90 days to close your gaps,” Leia said. “If you can’t, you lose your contracts and go out of business.” She stresses that if companies aren’t already prepared to get compliant before the certification, there is only a slim chance these companies will be able to get compliant within those 90 days. Plus, companies are required to maintain compliance and must get re-certified every three years. With that in mind, Leia also developed a process for clients to maintain their compliance, offering two levels of service.
Companies in the health-care industry, are required to invest heavily in compliance. Yet many medical practices still do NOT have the compliance solutions they need in place.
Every single state has now adopted some form of data breach notification legislation, and more are coming. (For example, New York SHIELD Act, California’s CCPA, etc.)
Even if a business does not have a physical presence in a particular state, it must comply with that state’s laws if it gathers, stores, or has access to data on residents of that state. Plus, many regulations continue to expand.
Another reason companies are paying MSPs to handle compliance is because states are also passing “Affirmative Defense” Laws that stipulate if a company can show evidence of compliance with an industry-recognized standard (e.g. NIST CSF, HIPAA), then they can shield themselves from costly lawsuits in the event of a breach. When a company outsources its compliance, they can show they are trying to comply and have a company they can point a finger at if things go wrong.
Here are three proactive steps you can take today to add CaaS to your menu of options:
- If you’re not educating yourself on compliance, START. Get yourself up to speed on which regulations your clients must comply with in order to shield themselves from legal ramifications, fines and penalties. That said, it’s important to note that when it comes to CaaS or compliance work in general, you must be careful not to take on risks you cannot properly assess or manage—or the risk to your own business will quickly outsize the rewards.
- Tap into the expertise of vendor partners who specialize in compliance. Contact vendors and ask them about how they can assist you. There are vendor partners like Cisco, Compliancy Group, and CyberGuard360 who offer solutions that are designed to support regulatory standards in numerous industries. Plus, speaking with them will give you valuable insight into compliance-friendly services.
- Promote your compliance services. If you are already offering CaaS, promote it heavily. Make sure it’s front and center on your website and that you are marketing it. If you aren’t yet offering CaaS, put a date on your calendar for when you will start offering it and plan a promotion around your announcement. Also, when marketing, help your clients understand the importance of compliance too
The bottom line is you must put together a plan for adding CaaS. Because if you don’t, you risk losing clients to an MSP who does offer it.
