From Checklists to True Compliance-as-a-Service (EP 947)
Uncle Marv sits down with Compliance Scorecard’s founder Tim Golden and channel veteran Shanna Utgard to unpack how MSPs can turn compliance from a painful checkbox exercise into a profitable, defensible service offering. They dive into risk conversations, cyber insurance, frameworks like CMMC and HIPAA, and why documenting client decisions is now essential for avoiding lawsuits.
MSPs are being dragged into compliance whether they’re ready or not, and this episode gives you a practical roadmap from people who’ve already done it. Tim and Shanna break down how to launch compliance-as-a-service, reduce your legal exposure, and finally get paid for work you’re already doing for free.
Why Listen:
- Learn how Compliance Scorecard evolved from a simple checklist into a multi-module GRC platform built by an MSP for MSPs.
- Hear real stories about CMMC, HIPAA, New York DFS, SOC 2 and cyber insurance requirements driving new revenue and risk.
- Understand how to document client decisions so “we told you no” is provable when lawyers and insurers get involved.
- Discover how to reposition your QBRs/TBRs from “ticket counts” to executive-level risk and business impact conversations.
- See why assigning a dedicated compliance champion inside your MSP is the crucial first step before tools.
- Get a preview of Compliance Scorecard’s AI-driven policy experience that explains policies “like I’m five” and tests user understanding.
Links from the Show:
- Compliance Scorecard: https://www.compliancescorecard.com
- CMMC (Cybersecurity Maturity Model Certification): https://dodcio.defense.gov/cmmc/About/
- HIPAA (Health Insurance Portability and Accountability Act): https://www.hhs.gov/hipaa
- New York DFS (Department of Financial Services Cybersecurity Regulation): https://www.dfs.ny.gov
- FedRAMP: https://www.fedramp.gov
- CIS IG1 (Center for Internet Security Implementation Group 1): https://www.cisecurity.org
- SOC 2 (Service Organization Control 2): https://linkly.link/2SBSQ
SHOW INFORMATION:
- Website: https://www.itbusinesspodcast.com/
- Host: Marvin Bee