The Multimillion-Dollar Compliance Goldmine MSPs Are Sitting On
Regulatory compliance is already huge, but all the regulations are expanding. Even if your clients don’t fall under HIPAA or CMMC, changes in the regulatory landscape are impacting data management and security, as states are requiring better protection and privacy for consumers.
Even without external requirements, the risks associated with failure to comply have made it a glaring problem, and far too daunting a task for organizations of ALL sizes to handle themselves.
This highlights the fact that Compliance-as-a-Service (CaaS) is a goldmine for MSPs who are willing to add it to their list of services. Not only is it a strategic way for MSPs to attract new business, but it also presents a strategic way to increase your revenue by catering to compliance requirements for existing clients.
During a recent TMT Producers Club meeting, a panel of experts discussed why compliance is important, what opportunity it presents for MSPs, and why not adding CaaS could be a death sentence to your MSP.
The panel included four incredible people: Jon DePerro, chief compliance officer of Vector Choice, who served as a counterintelligence special agent in the U.S. Army with various global assignments that involved advanced security and threat management roles at Army Intelligence and Security Command and the NSA; Jennifer Morris, who served as an attorney for the CIA, a JAG officer for the U.S. Army, and an associate general counsel intelligence and acquisitions for the U.S. Navy and has more than 22 years of legal practice experience and 18 years as in-house counsel for IT companies; Paul Tracey, founder of HIPAA-verified Innovative Technologies, a full-service MSSP (managed security service provider), who helps small- and medium-size businesses mitigate cybersecurity risks and establish a company culture that supports secure and efficient IT; and Rusty Goodwin, an organizational efficiency consultant at the Mid-State Group, who helps companies with compliance from an insurance perspective.
26 | MSPSuccessMagazine.com • VOLUME 3 ISSUE 6
Why Is Compliance Important For MSPs?
Adding CaaS to your business improves your margins and can increase your growth, but more importantly, it prevents you from losing customers. “If we’re not doing compliance as a service, then we’re putting our business at risk for someone else to come in and do compliance for them,” Paul Tracey said, “and then they’ll use that to take over our business.”
From a legal standpoint, Jennifer Morris said there is a lot more at stake, and she continued, “Without [compliance], you’re extremely at risk and open to liability. Compliance is important for you as MSPs because if you’re not compliant, then you are at risk for a lawsuit liability. If there’s something you are doing to not make your clients compliant or mostly compliant, then they’re at risk. All the regulations are expanding, so if you or your clients are anywhere in the U.S. government supply chain, for example, then the host of compliance requirements are vast, and the liability is becoming huge.”
What Is The Liability To MSPs?
Liability comes in different forms, and while insurance transfers some of the liability, you can still get sued by clients for cyber malpractice or get sued by the Department of Justice for fraud under the False Claims Act because you or your client is somewhere in the government supply chain. This can be a potentially bankrupting event because damages can be three times the amount of damages for every invoice. “This can quickly lead up to