654 PAX 8 Beyond: Tim Golden Highlights Compliance Scorecard Version 5.0

[Uncle Marv] (0:15 - 0:44)
Hello friends, Uncle Marv here, and we are doing the first interview here on Radio Row at PAX 8 Beyond. And this is day one, we've just finished the first general session, and big news is coming out from a lot of the vendors all over the place. Sitting next to me is a friend of the show, you know him, Tim Golden.

Tim, how are we doing? I'm doing really well, really well.

[Tim Golden] (0:44 - 0:51)
It's a great show, always happy to connect with old friends and new. So thanks for chatting with me.

[Uncle Marv] (0:51 - 0:56)
All right, so Compliance Scorecard, you guys actually just put out a big announcement here.

[Tim Golden] (0:57 - 1:28)
We did, we did. So version 5.0, lots of great compliance-based features, like the ability to have a risk register, the ability to do like plan of actions and milestones, kind of the things that affect a lot of CMMC customers, but not just for CMMC, like anybody doing insurance work or FTC or any of those kind of varying safeguards, our new versions can help have that conversation easily and effectively.

[Uncle Marv] (1:28 - 1:38)
So risk register is the name that kind of popped out. Yeah. And something that's supposed to help us as MSPs manage stuff.

So can you describe that in a little more detail?

[Tim Golden] (1:38 - 2:51)
Sure, sure. So, you know, a lot of MSPs do assessments, right? Gap analysis or evaluations.

And when we do those, we identify areas that are of risk, right? Oh, you don't have 2FA or you don't have backup, like the things that, you know, our clients should be doing as an MSP. Well, a risk register allows us to, I like to say, build an Amazon shopping cart of the risks, right?

So identify those gaps, build your shopping cart, quote, quote, and then work alongside your customer to either mitigate and fix those risks, which is what we really want so that we can build the project work and make the revenue off of that, or allow the customer to either, you know, defer, accept, mitigate. There's five categories of what a client can do with a potential area of risk. A good thing to think about is like, we keep telling them MFA and they said no.

Well, with the risk register, now we can track that and see why they said no and have that defensibility over time. We keep telling them, they keep saying no, and here's the reasons why.

[Uncle Marv] (2:51 - 2:51)
Right.

[Tim Golden] (2:51 - 2:59)
But as MSPs, what we really want is for them to mitigate and fix those risks. Yeah. To be better secure on the long run.

[Uncle Marv] (2:59 - 3:17)
All right. So along with that, so this, what is it called? The plan of action and milestones management feature.

Yeah. Is it kind of like a checklist that we can go over with our clients or is it more of a process to walk them through?

[Tim Golden] (3:17 - 3:47)
It's a little bit of both. Like for those that are in like the federal government space, POAM or plan of action, a milestone has a very specific set of things, right? Who's responsible, timelines, costs, you know, kind of think of like in a way of like tracking your project from a very high level, right?

You identified the gap and now you need to put on a plan of some sort of action that have milestones along the way.

[Uncle Marv] (3:47 - 3:58)
Okay. Now, we should probably have done this at the beginning, which I'm poor at is for people that don't know what compliance as a scorecard is. Can you tell us?

[Tim Golden] (3:59 - 4:47)
Absolutely. So compliance scorecard is a governance as a service platform. We help the MSP have that risk conversation with your customer from either a technical account management perspective or a technician's perspective.

We really try to help uncomplicate that compliance aspect of business, even if it was just dealing with cyber liability insurance. So between gap assessments, policies and procedures, now risk register and plan of actions and all these great features for you as an MSP to have the actual risk conversation with your customer in easy to understand terms. Charts, graphs, you know, the fun, that kind of fun stuff.

[Uncle Marv] (4:47 - 5:11)
Right. Now, of course, I always ask everybody, what kind of sets you apart from everybody else? Of course, everybody in the industry, not everybody, but you get the point.

There's a ton of people jumping in now to help us with our cybersecurity readiness and making sure that we are doing what we're supposed to do with our clients, protecting ourselves. So what makes compliance scorecard stand out from the others?

[Tim Golden] (5:11 - 6:11)
There's a couple of different things that sort of separates us from the industry. First is our peer group, right? I've taken the 20 years of us walking or me walking through this, and we've built a peer group to really help with the people and the process side of compliance and risk and technology and cybersecurity.

So the peer group or the cohort really backs up the platform, right? Gives you, the MSP, a safe place to have a conversation. So you're not getting blown up on Reddit, right?

To bring those questions. For example, we just launched this past week, CIS, get your house in order. So over the course of the next coming weeks, we're going to be teaching you all about CIS and the things and the people and the process and the tools to do that work for CIS.

So we do those kinds of things, you know, month after month, week after week after week to be able to teach you how to fish. And then with the platform, we have the tackle box to take you fishing.

[Uncle Marv] (6:11 - 6:17)
Nice. Nice. Now, did I see correctly, you guys are a Platinum sponsor this year?

Here? Yeah.

[Tim Golden] (6:21 - 6:29)
We're one of the levels. I should ask my co-founder, Maureen, exactly what level. I have too much to keep in my brain, but yes.

[Uncle Marv] (6:29 - 6:32)
She's not paying attention. She's just having her coffee. She's like, our money is spent.

[Tim Golden] (6:32 - 6:33)
We're good. We're good.

[Uncle Marv] (6:33 - 6:49)
Well, what I was going to ask with that is, I mean, it's been what, a few years now that you guys have done this. So doing that at an event like this, what does that, you know, look like for you in terms of what your expectations are, what your hopes are?

[Tim Golden] (6:49 - 7:35)
Sure. So in events in general, some are really great like this here at PAX 8, MSP GeekCon, which was just a few weeks ago. Some are more intimate that we really love those smaller, more intimate ones.

PAX 8 is obviously a great event. There's such good partners, such great content. I mean, the venue is beautiful and the food is amazing.

So having, I don't know, this is probably our 50th, don't hold me to the number, conference in the last 18 months or so. And I've been to some really great ones and I've been to some not so great ones. But really for us, it's about making that connection with our customers and our potentially new customers.

We're a very relational focused vendor.

[Uncle Marv] (7:36 - 7:55)
Yeah. You guys have been a friend to a lot of, not just the conferences, but to us as media, podcasters, MSPs in the channel. So appreciate that.

And thank you for stopping by for a couple of minutes and chatting about that. Congratulations on the news. Thank you.

Thank you. We'll see you out and about.

[Tim Golden] (7:55 - 8:00)
Awesome. Yeah. Thank you so much for having us.

We're always, you know, better together is kind of our motto.

[Uncle Marv] (8:00 - 8:11)
Yeah. All right, folks, that's going to do it here with this episode of the podcast. I'll be back with somebody else here from Radio Row.

So we'll see you then. Holla.