How to use Compliance-as-a-Service to set your MSP business apart

Posted by Stuart Crawford on Nov 4, 2015 9:00:00 AM

Compliance as a serviceIt seems like every day I get a call from a stressed out IT service provider asking how to differentiate themselves from their competition. After all, in a world where 99.9 percent of IT service organizations all say the same thing and offer similar services, how do you create separation and win new business opportunities?

In a recent article on MSPMentor, Carrie Simpson from Managed Sales Pros offered some very timely advice — Go Niche! And I couldn’t agree more. This is something we stress over and over to our clients here at Ulistic. The few that actually heed the advice and go deep into one vertical are rewarded with industry leadership and a more well run managed IT services organization.

It’s a lesson I learned firsthand. Many years ago when I was starting my own IT services business in Calgary, Karl Bryan, an old friend and colleague of mine, told me, Stuart, you will make more money being different versus trying to be better than your competitors.” This was sound advice for a young business owner in a very competitive market, and IT Matters went on to become a $5.5M IT service provider in seven short years, thanks to Karl’s savvy advice.

HIPAA Compliance and data protection

Chris Michalec, President of Winston-Salem IT services company Parkway Tech, also knows the rewards of going vertical. “Over time, I noticed that our best clients were all law offices and law firms, and I also found that our team was getting very proficient at the software that was unique to law offices,” Chris shared with me. “We decided that focusing on this specific vertical, with all the potential it had, would allow us to provide better service at a better price. It was also a bonus that training new staff members would be easier since they would now have a limited set of software to become familiar with.”

Compliance: The next frontier compliance as a service

I recently met Marc Haskelson, the CEO and president of The Compliancy Group in New York City. Since then, our organizations have worked closely together for a number of clients, creating the unique differentiators they needed to win new business.

Many IT service companies serve healthcare organizations, but when it comes to having a well-rounded compliance offering, most fall short. They believe offering a simple risk assessment means that their healthcare clients, both covered entities and business associates, are compliant. This is far from the truth. A risk assessment is just one small component of becoming HIPAA compliant.

During a recent discussion, Marc explained the disconnect to me this way: “Misconceptions healthcare professionals have about being compliant are aggravated by misinformation regarding Security Risk Assessments (SRAs) and an incomplete and fractured process by which many organizations go about achieving compliance. Often, they complete parts of the required efforts but fail to address the entirety of the regulation.”

Benefits of Compliance-as-a-Service

Covered entities and business associates need something much deeper, and this is where Compliance-as-a-Service and understanding all the rules surrounding HIPAA separates savvy IT service providers from the rest of the pack.

Haskelson’s group provides a turn-key solution for managed IT service companies to offer Compliance-as-a-Service and turn themselves into compliance specialists. The Compliancy Group first ensures that your organization is compliant and then works with you to offer CaaS to your client base.

Managed service providers are in the ideal position to offer Compliance-as-a-Service to help their clients solve all of their critical compliance requirements beyond security risk assessments. MSPs are the trusted provider who can leverage their existing relationships to offer new services.  These new services are solving critical needs while adding recurring and highly profitable new revenue streams.

To learn more about Compliance-as-a-Service, watch this introductory webinar.

backup and recovery in health care it

Stuart Crawford UlisticStuart Crawford serves as Chairman and CEO of Williamsville, NY- and Burlington, ON-based Ulistic, a specialty firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.

If you would like to speak with Stuart in regard to your online marketing, social media or how to blog effectively, give him a call at 716.799.1999 ext 101 or email

Photo Credit: Newtown graffiti via Used under CC 2.0 License.

Topics: HIPAA and Healthcare IT, Differentiation

Which Data Loss Gremlin Is Targeting You
Intronis Local Lunches
MSP Phishing Quiz
Intronis Local Lunches
MSP Marketing Assessment