Uncle Marv interviews Tim Golden, the co-founder of Compliance Scorecard, at the PAX 8 Beyond conference. They discuss the latest version 5.0 release of Compliance Scorecard, which introduces new compliance-based features like a risk register, plan of actions and milestones (POAM), and more. Tim explains how these features help MSPs identify, track, and mitigate risks for their clients, as well as plan and manage the remediation process.
Tim Golden, co-founder of Compliance Scorecard, joins Uncle Marv to discuss the latest version 5.0 release of their governance-as-a-service platform. The new release introduces several compliance-focused features to help MSPs better manage risks and compliance requirements for their clients.
One of the key new features is the risk register, which allows MSPs to identify and track areas of risk for their clients. MSPs can essentially build an "Amazon shopping cart" of risks, quote them, and work with clients to either mitigate or accept those risks. This provides a structured way to have risk conversations and maintain defensibility over time.
Another notable feature is the POAM (plan of actions and milestones), which provides a framework for planning actions, assigning responsibilities, setting timelines, and tracking costs associated with addressing identified risks. This helps MSPs streamline the risk mitigation process and project management.
Compliance Scorecard is designed to help MSPs navigate the complexities of compliance, cybersecurity readiness assessments, and risk management conversations with their customers. Tim highlights their peer group and educational resources as key differentiators, enabling MSPs to learn best practices and processes for compliance and risk management.
Key Takeaways:
=== Show Information
Website: https://www.itbusinesspodcast.com/
Host: Marvin Bee
Uncle Marv’s Amazon Store: https://amzn.to/3EiyKoZ
Become a monthly supporter: https://www.patreon.com/join/itbusinesspodcast?
One-Time Donation: https://www.buymeacoffee.com/unclemarv
=== Music:
Song: Upbeat & Fun Sports Rock Logo
Author: AlexanderRufire
License Code: 7X9F52DNML - Date: January 1st, 2024
[Uncle Marv] (0:15 - 0:44)
Hello friends, Uncle Marv here, and we are doing the first interview here on Radio Row at PAX 8 Beyond. And this is day one, we've just finished the first general session, and big news is coming out from a lot of the vendors all over the place. Sitting next to me is a friend of the show, you know him, Tim Golden.
Tim, how are we doing? I'm doing really well, really well.
[Tim Golden] (0:44 - 0:51)
It's a great show, always happy to connect with old friends and new. So thanks for chatting with me.
[Uncle Marv] (0:51 - 0:56)
All right, so Compliance Scorecard, you guys actually just put out a big announcement here.
[Tim Golden] (0:57 - 1:28)
We did, we did. So version 5.0, lots of great compliance-based features, like the ability to have a risk register, the ability to do like plan of actions and milestones, kind of the things that affect a lot of CMMC customers, but not just for CMMC, like anybody doing insurance work or FTC or any of those kind of varying safeguards, our new versions can help have that conversation easily and effectively.
[Uncle Marv] (1:28 - 1:38)
So risk register is the name that kind of popped out. Yeah. And something that's supposed to help us as MSPs manage stuff.
So can you describe that in a little more detail?
[Tim Golden] (1:38 - 2:51)
Sure, sure. So, you know, a lot of MSPs do assessments, right? Gap analysis or evaluations.
And when we do those, we identify areas that are of risk, right? Oh, you don't have 2FA or you don't have backup, like the things that, you know, our clients should be doing as an MSP. Well, a risk register allows us to, I like to say, build an Amazon shopping cart of the risks, right?
So identify those gaps, build your shopping cart, quote, quote, and then work alongside your customer to either mitigate and fix those risks, which is what we really want so that we can build the project work and make the revenue off of that, or allow the customer to either, you know, defer, accept, mitigate. There's five categories of what a client can do with a potential area of risk. A good thing to think about is like, we keep telling them MFA and they said no.
Well, with the risk register, now we can track that and see why they said no and have that defensibility over time. We keep telling them, they keep saying no, and here's the reasons why.
[Uncle Marv] (2:51 - 2:51)
Right.
[Tim Golden] (2:51 - 2:59)
But as MSPs, what we really want is for them to mitigate and fix those risks. Yeah. To be better secure on the long run.
[Uncle Marv] (2:59 - 3:17)
All right. So along with that, so this, what is it called? The plan of action and milestones management feature.
Yeah. Is it kind of like a checklist that we can go over with our clients or is it more of a process to walk them through?
[Tim Golden] (3:17 - 3:47)
It's a little bit of both. Like for those that are in like the federal government space, POAM or plan of action, a milestone has a very specific set of things, right? Who's responsible, timelines, costs, you know, kind of think of like in a way of like tracking your project from a very high level, right?
You identified the gap and now you need to put on a plan of some sort of action that have milestones along the way.
[Uncle Marv] (3:47 - 3:58)
Okay. Now, we should probably have done this at the beginning, which I'm poor at is for people that don't know what compliance as a scorecard is. Can you tell us?
[Tim Golden] (3:59 - 4:47)
Absolutely. So compliance scorecard is a governance as a service platform. We help the MSP have that risk conversation with your customer from either a technical account management perspective or a technician's perspective.
We really try to help uncomplicate that compliance aspect of business, even if it was just dealing with cyber liability insurance. So between gap assessments, policies and procedures, now risk register and plan of actions and all these great features for you as an MSP to have the actual risk conversation with your customer in easy to understand terms. Charts, graphs, you know, the fun, that kind of fun stuff.
[Uncle Marv] (4:47 - 5:11)
Right. Now, of course, I always ask everybody, what kind of sets you apart from everybody else? Of course, everybody in the industry, not everybody, but you get the point.
There's a ton of people jumping in now to help us with our cybersecurity readiness and making sure that we are doing what we're supposed to do with our clients, protecting ourselves. So what makes compliance scorecard stand out from the others?
[Tim Golden] (5:11 - 6:11)
There's a couple of different things that sort of separates us from the industry. First is our peer group, right? I've taken the 20 years of us walking or me walking through this, and we've built a peer group to really help with the people and the process side of compliance and risk and technology and cybersecurity.
So the peer group or the cohort really backs up the platform, right? Gives you, the MSP, a safe place to have a conversation. So you're not getting blown up on Reddit, right?
To bring those questions. For example, we just launched this past week, CIS, get your house in order. So over the course of the next coming weeks, we're going to be teaching you all about CIS and the things and the people and the process and the tools to do that work for CIS.
So we do those kinds of things, you know, month after month, week after week after week to be able to teach you how to fish. And then with the platform, we have the tackle box to take you fishing.
[Uncle Marv] (6:11 - 6:17)
Nice. Nice. Now, did I see correctly, you guys are a Platinum sponsor this year?
Here? Yeah.
[Tim Golden] (6:21 - 6:29)
We're one of the levels. I should ask my co-founder, Maureen, exactly what level. I have too much to keep in my brain, but yes.
[Uncle Marv] (6:29 - 6:32)
She's not paying attention. She's just having her coffee. She's like, our money is spent.
[Tim Golden] (6:32 - 6:33)
We're good. We're good.
[Uncle Marv] (6:33 - 6:49)
Well, what I was going to ask with that is, I mean, it's been what, a few years now that you guys have done this. So doing that at an event like this, what does that, you know, look like for you in terms of what your expectations are, what your hopes are?
[Tim Golden] (6:49 - 7:35)
Sure. So in events in general, some are really great like this here at PAX 8, MSP GeekCon, which was just a few weeks ago. Some are more intimate that we really love those smaller, more intimate ones.
PAX 8 is obviously a great event. There's such good partners, such great content. I mean, the venue is beautiful and the food is amazing.
So having, I don't know, this is probably our 50th, don't hold me to the number, conference in the last 18 months or so. And I've been to some really great ones and I've been to some not so great ones. But really for us, it's about making that connection with our customers and our potentially new customers.
We're a very relational focused vendor.
[Uncle Marv] (7:36 - 7:55)
Yeah. You guys have been a friend to a lot of, not just the conferences, but to us as media, podcasters, MSPs in the channel. So appreciate that.
And thank you for stopping by for a couple of minutes and chatting about that. Congratulations on the news. Thank you.
Thank you. We'll see you out and about.
[Tim Golden] (7:55 - 8:00)
Awesome. Yeah. Thank you so much for having us.
We're always, you know, better together is kind of our motto.
[Uncle Marv] (8:00 - 8:11)
Yeah. All right, folks, that's going to do it here with this episode of the podcast. I'll be back with somebody else here from Radio Row.
So we'll see you then. Holla.
CEO/Founder
Tim Golden, Founder, Compliance Scorecard
For over two decades, I’ve dedicated myself to helping Managed Service Providers (MSPs) turn compliance from a daunting challenge into a powerful strategic advantage. As the founder of Compliance Scorecard, my mission is to empower businesses with the tools and knowledge they need to operate securely, manage risks effectively, and grow with confidence.
In 2024, I was honored to receive the CompTIA Cybersecurity Leadership Award—a testament to my unwavering commitment to safeguarding businesses in today’s complex digital landscape. My journey as an award-winning speaker has taken me to conferences, webinars, and executive roundtables across the industry, where I share actionable insights on governance, risk management, and cybersecurity.
As a dedicated advocate for MSPs and cybersecurity and an industry speaker, I’m passionate about demystifying complex topics and delivering practical, actionable advice. My approach to speaking on compliance, risk management, and cybersecurity is down-to-earth and accessible, ensuring that every audience member—whether an experienced MSP or someone new to the field—leaves with clear steps to enhance their business and security posture.