Better Call an MSP Part 9 – Compliance as a Service: A New Revenue Opportunity

Business Speak

 

By Shannon Mayer, Senior Product Marketing Manager, Continuum

The ninth installment of a monthly blog series offering tips and best practices on various ways MSPs can help their SMB clients work through the most challenging daily business issues.

 

In the last installment of “Better Call an MSP,” I offered insight on misconceptions regarding outsourcing. Now let’s discuss a new revenue opportunity for the New Year that MSPs should be thinking about: Compliance as a Service, or CaaS. If you haven’t spent much time on compliance measures with your clients, then now is as good a time as any to consider it, because there is a growing need for compliance specialists in the market. Perhaps you aren’t sure of the specifics, or you haven’t found the right time to bring it up. One way to start, regardless of your vertical focus, is to check out the tips below.

1.) New Year, New Offerings. It’s January, which means it’s a new year and a new quarter. What better time than now to discuss proactive approaches with your clients? Even if they haven’t been asking for new and/or additional services, now is the time to start building awareness by leveraging your “trusted advisor” skills. Make a point to set a meeting sometime in the next month or two to discuss long-term projects and needs. Your clients know, especially if they are involved in verticals such as retail, hospitality and healthcare, that there are compliance measures they must adhere to. Many do not know how to tackle the compliance issues or may not be aware of how to ensure they are up to date with compliance measures like PCI (Payment Card Industry) and the Health Insurance Portability and Accountability Act (HIPAA). While you don’t want to use fear tactics to scare your clients into submission, the reality is that if they do not meet compliance measures, they could inadvertently (and unknowingly) face fines and penalties that could affect their business and revenue.

2.) Getting Vertical Specific: As an MSP, I’m sure that you are familiar with terms like PCI, HIPAA and Sarbanes-Oxley, especially if you have clients in verticals bound by these compliance standards. However, while a client might know of these regulations, it should be part of your job to ensure they are current. So why not position yourself as the thought leader and educate them on what they need to do to stay compliant and offer to help them? For instance, if your focus is on healthcare clients, you want your clients to know that OCR (Office of Civil Rights) confirmed that they will be issuing phase 2 of HIPAA compliance audits early this year. If your clients aren’t aware of this, they might end up getting audited and could face steep non-compliance fines. FYI - OCR has established a comprehensive protocol that contains the requirements to be assessed through audits, which can be found here.

Regarding PCI, if you have customers within the retail or hospitality sector, you know that this can be a tricky vertical, especially with all of the current changes regarding payment cards, such as EMV chips and mobile payments. Organizations such as the PCI Security Standards Council and the Retail Solution Providers Association (RSPA) are focused on providing information on the various standards and regulations regarding PCI compliance measures. To stay current, start by logging on to these websites and utilizing the resources and forums that they provide. While the RSPA is member-based, you don’t need to have a membership to be part of their resource community.

3.) Prevention = New Revenue Opportunities: Aside from helping clients avoid hefty non-compliance fines, CaaS can also be a new revenue stream for you. There is huge margin potential in offering services around compliance, especially if you brand yourself as a “compliance specialist.” Aside from the initial assessments, charge for pre- and post-work projects to resolve issues uncovered during the audit. If you aren’t sure where to start, talk to your vendor partners, as some might already have established partnerships with companies that offer PCI and HIPAA network assessments. For example, Continuum works with RapidFire Tools to provide HIPAA and PCI compliance network assessment modules to MSPs. This is a good place to start, as you won’t have to “re-invent” the wheel when adding this service.

If you are going to add CaaS, I would pull this out of your “managed services bundle” or “project work” bucket, and position it on your website as a separate offering. This is better for search engine optimization (SEO) and branding purposes. End-users are online today searching for companies that offer compliance services and you want to be easily found. If these offerings are buried somewhere in your website (or not advertised specifically at all), then it’s more difficult for potential customers to find you.

Remember, the key here is not to shove another “as a service” offering down your client’s throat. It’s more about building awareness that you offer CaaS and letting them know what they need to do to stay compliant and out of legal trouble. The bottom line is that most SMBs don’t have a choice when it comes to compliance, and as an MSP, you can help them get there, while concurrently adding a new revenue stream to your business.

Shannon Mayer is Continuum's Senior Product Marketing Manager and is directly responsible for platform go-to-market strategy and messaging as well as business intelligence. She manages the Continuum Peer Groups program and content for Navigate 2016, Continuum’s annual partner conference. Shannon was named a 2013 Channel Chief by CRN and has also been named to the MSPmentor 250, CRN’s ‘Top 100 People You Don’t Know, But Should’, and CRN’s ‘Women of the Channel: Power 100’ lists. Follow her on Twitter: @shannonjmayer.