The moment you’ve all been waiting for is here — we’re pleased to announce the latest major release of Compliance Scorecard (drum roll, please).

Version 5 of our leading Compliance-as-a-Service (CaaS) platform is now live, and it delivers a ton of powerful new features to bolster your service portfolio, reinforce your market position as a trusted managed service provider (MSP), and unlock significant revenue-generating opportunities.

Compliance Scorecard is the solution you need to improve your internal governance and expand your MSP compliance service offering to clients. It simplifies the daunting tasks of compliance management, turning headaches into streamlined, systematic processes. With Compliance Scorecard, you enjoy features like fully loaded policy packs, asset governance tools, risk assessment scorecards, API integrations, and more.

V5 makes our platform even stronger, including enhanced risk management tools, improved asset management capabilities, new compliance reporting methods, expanded supporting documentation…the list keeps going.

V5 Key Features

Let’s take a look at the key features and talk a bit about how they support your quest to become a CaaS champion.

New Risk Register Tools

The risk register in the Compliance Scorecard platform is a comprehensive tool designed to help MSPs manage and mitigate identified risks within their clients’ programs. It serves as a central repository for tracking risks, including details such as risk descriptions, potential impacts, risk owners, mitigation actions, and current status. This helps organizations systematically manage and address risks, ensuring they are identified, analyzed, and controlled effectively.

Key features and functionalities
For MSPs, a risk register is essential in maintaining compliance with regulatory requirements and ensuring robust risk mitigation practices for their clients. Here are some key features:

Centralized Risk Management: Provides a comprehensive view of all identified risks in one central location. Allows MSPs to categorize and prioritize risks based on severity and potential impact.
Identification and Documentation: Risks and gaps identified during assessments can be added to the Risk Register with a single click, ensuring that all assessment findings are documented and managed effectively.
Risk Details: Each risk entry includes detailed information such as the nature of the risk, likelihood, and probability based on the client’s risk appetite. 
Plan of Action & Milestones (POAM) Management: Once a risk is identified and assessed in the Risk Register, MSPs can generate and assign action items for each identified risk. MSPs can also add details such as what steps need to be taken, who is responsible, the associated cost, and the expected start and end dates.
Decision-Making: The register allows for decisions on whether to accept, defer, transfer, or remediate each risk, providing a structured approach to risk management. 
Reporting and Monitoring: The platform offers reports, such as the Risk Matrix report, which visualizes the overall risk landscape and helps in tracking the progress of risk mitigation efforts. 
Client Communication: The risk register facilitates clear communication with clients, helping them understand their risk posture and the necessary actions to improve their compliance and security.

These features collectively enhance the ability of MSPs to manage risks proactively and maintain a strong security posture, ultimately enhancing their clients’ governance, risk, and compliance (GRC) strategies./

Benefits

Streamlined Remediation: Allows MSPs to set clear, actionable milestones for addressing identified risks. This enables them to visualize progress on risk mitigation and efficiently manage tracking and remediation efforts.
Regulatory Compliance: Supports compliance with various regulatory requirements that mandate the creation and maintenance of a POAM for cybersecurity and compliance risks.
Auditing and Reporting: Provide clear accountability with customizable risk responses, which is crucial for audit trails and compliance reporting.
Accountability: Assigns clear responsibilities, making it easier to track progress and hold team members or clients accountable for their roles in mitigating risks.
Client Engagement: Engages clients in the risk management process, promoting a collaborative approach to security and compliance.

More Asset Management Integrations

The Asset Management feature enables you to manage and monitor client assets across multiple client sites, ensuring every piece of hardware and software is accounted for and compliant with relevant standards.

Key features and functionalities

You can now leverage API integrations with Liongard software and M365 hardware to seamlessly import assets into the Compliance Scorecard's Asset List. This feature allows for the continuous monitoring and management of assets across client environments, such as software and hardware assets, human assets and user accounts, and facility assets. You can also create your own Asset List or use templates provided within the platform.

Benefits

Operational Efficiency: Improves operational efficiency by providing a centralized platform for asset management, which simplifies the tasks of adding, updating, and auditing assets.
Asset Tracking: Ability to review the list of assets from the source of truth and compare assets over time showing new, duplicate, and suspect. Understand what’s been added, changed, or moved on a schedule you define.
Regulatory Compliance: Supports compliance efforts by maintaining an accurate and comprehensive asset inventory, essential for meeting regulatory requirements such as CIS V8 Control 1.1: enterprise asset management.
Reduced Risk: Helps identify and manage risk by providing a central place to track what devices you have, what hardware you have, and what humans you have, because you can’t protect what you don’t know.

New Compliance Control Assessment (CCA) Reports

An invaluable tool for work with CIS, CMMC, SOC2 and ISO, this feature allows MSPs to generate reports on a client’s current position on a framework requirement along with supporting evidence. CCA reports support both compliance reporting and makes the auditing process easier.

Key features and functionalities

Compliance Control Assessment (CCA) reports are an entirely new feature for Compliance Scorecard. MSPs can select an assessment, name the report, customize the introductory paragraph, and then generate the Compliance Control Assessment. Once generated, the report can be downloaded as a PDF, making it easy to share with stakeholders at QBR’s and TBR’s.

Here are some of our other favorite features:

Customizable Compliance Assessments: MSPs can generate Compliance Control Assessments for any assessment event and customize the report, including naming the report and adding an initial paragraph.
Integration with Assessment Events: Seamlessly integrates with existing assessment events and ensures that all necessary compliance data is captured and reported accurately.
PDF Export: Generated CCA reports can be easily downloaded as PDFs, facilitating sharing with stakeholders and maintaining records for audits and compliance reviews.
User-Friendly Interface: Simple and intuitive interface for creating and customizing reports. Enhances user experience and efficiency in report generation.
Actionable Insights: Provides detailed insights that help in making informed decisions regarding compliance. Supports proactive compliance management and risk mitigation.

These features of the Compliance Control Assessment (CCA) report empower MSPs to efficiently assess and document compliance, ensuring that all necessary controls are evaluated and reported.

Benefits

Detailed Compliance Insights: Provides a granular view of compliance status across different controls, helping MSPs pinpoint areas that need attention.
Streamlined Compliance Processes: Automates and simplifies the generation of compliance reports, saving time and reducing the risk of human errors.
Build Client Trust: By regularly generating and sharing these detailed compliance reports, MSPs can build and maintain trust with clients, demonstrating transparency and commitment to compliance.

Enhanced Supporting Documentation

Whether you’re training new staff or implementing more complex compliance programs for your clients, Compliance Scorecard’s comprehensive suite of supporting documentation is designed to maximize user understanding and facilitate easier navigation of the platform.

This extensive documentation supports current users, but also strategically positions the platform for easier adoption by new clients. In short, it provides all the resources needed to ensure that anybody can effectively utilize the platform's features.

Key features and functionalities

Onboarding Guide with Checklists: Provides new users with a structured start-up process, ensuring they understand the essential functions and set-up procedures.
Step-by-Step Instructional Videos: Features visual guides that walk users through features and processes within the platform, enhancing learning and retention.
Detailed Written Documentation: Covers every aspect of the platform with in-depth explanations, screenshots, and steps to follow, making it easy for users to find help on specific topics.
Supporting Videos: Complements the written guides, offering visual demonstrations for a clearer understanding of the platform's capabilities.

Benefits

Accelerated Learning Curve: Reduces the time it takes new users to become proficient with the platform.
Increased User Engagement: By providing multiple formats of guidance, users can choose the method that best suits their learning style.
Improved Issue Resolution: Helps users solve problems quickly without needing to contact support, leading to higher overall satisfaction.
Enhanced Resource Accessibility: Makes it easy for users to access helpful information right when they need it, directly impacting productivity and effectiveness.

And There’s More…

Version 5 also comes with a few more upgrades we thought you’d enjoy:

Global Template Sharing: Ability to share assessment templates globally after approval (plus, improved address fields for global use to support international MSPs).
OSCAL Policy Format: Policies now follow OSCAL format with comprehensive sections.
Policy Management Enhancements: Includes user interface enhancements, improved versioning capabilities within the policy section, new functionalities for managing Written Information Security Policies, and new features and improvements for policy deployment.

Auto Logout Control: Customizable auto logout settings.
Major Site Improvements and Bug Fixes: Overhauled assessment processes, updated UI components, fixed significant bugs, and improved the dashboard and policy management functionalities.

Notable Links

Compliance Scorecard Release Notes

Compliance Scorecard Public Documentation

Ways to Learn More

Sign Up for a Demo:

Dive deeper into our new features by signing up for a demo. Discover how our latest updates can transform your compliance workflow and create a new revenue stream for your MSP.

Join the Peer Group:

Connect with peers and gain insights by joining our Peer Group. Stay ahead with shared knowledge and experiences.

Understanding Compliance as a Service (CaaS) and Its Importance for MSPs

Why MSPs Should Offer Governance as a Service

Posted in Company News