When your clients go through a cybersecurity compliance audit, it’s your services being audited.
If you fail, they fail.
I've seen MSPs get fired after their clients failed audits. Being prepared to pass an audit is more than delivering everyday services.
If you don’t feel the pain of a compliance migraine, you need to learn more about increased compliance enforcement and your risk of losing valuable clients. Cybersecurity regulations and frameworks are increasing requirements for third-party service providers, including MSPs.
Curing these migraines has never been done before. It could only be done by combining my years of experience as a compliance expert with the knowledge I gained running my own MSP business and now a consulting firm, and by being the IT industry’s leading compliance expert, with the certifications to prove it.
You know you shouldn’t drive or use dangerous machinery when you have a migraine. You also shouldn’t try to run an MSP business while suffering from a compliance migraine. Or 3.
Years ago, cybersecurity compliance was a headache (I even wrote a book called How to Avoid HIPAA Headaches), but compliance was manageable because there were only a handful of regulations.
How can you know what success looks like when there are over 100 cybersecurity frameworks, regulations, and enforcement documents, with thousands of pages of confusing language that you must translate into MSP action steps?
Business contracts your clients sign (and often just file away) now include cybersecurity and compliance clauses. Cyber insurance policy applications ask ‘gotcha’ questions that add even more requirements on top of everything else. None of this was written to help MSPs understand what steps they need to take to deliver the right services that help your clients comply at a level that will survive scrutiny by certified assessors.
Bottlenecks with overlapping frameworks and constantly changing regulations
Confusion with conflicting guidance and misinformation
Millions of dollars at risk with cyber insurance requirements and contractual obligations
Fear of getting fired by clients who expect you to ensure compliance without clear guidance
I figured out how to deal with these the hard way - going down time-wasting and expensive rabbit holes, making mistakes, and wasting a lot of time and money - until I translated all the regulatory language into action steps that my MSP business could deliver to clients.
The good news is that I can help you avoid the high time and money costs so you can get right to the success you deserve.
Most MSPs think that because they are smart they have compliance covered, until they don’t.
You don’t know if you’re giving the right advice.
Because you may not have gotten the right advice.
You don’t know what’s actually required.
Because the people that claimed they knew compliance were self-taught and never passed a certification test.
You don’t know if your clients will pass an audit—
or if they’ll blame you when they fail.
Like other MSPs that have been fired.
MSPs keep asking, "Are we doing this right?"
The truth we see? Most MSPs aren’t even close.
I’ve seen MSPs lose contracts, get fired, and face serious legal consequences because they didn’t know what they didn’t know.
The guidance I provide is actionable,
based on formal training, certifications, and hands-on experience,
not just more confusing gobbledegook.
You should be picky about who you choose to learn compliance from, because you want your guidance to be accurate and thorough.
You want to make sure you aren’t wasting time, wasting money, and—worse—putting yourself and your clients at risk by listening to the wrong person.
There are a lot of compliance wannabes and newbies cluttering the airwaves, giving out misinformation. They have no formal compliance training or certifications. Many are software sales reps, or current or former MSPs, who have learned some compliance language and talk with apparent authority, but that’s just on the surface. They have never delivered compliance services that have stood up to the scrutiny of government regulators. None would ever be considered by a law firm to be an expert witness.
CMMC Certified Assessor & CMMC Certified Professional
Certified Governance Risk Compliance - ISC2 (CGRC)
Certified Security Compliance Specialist (CSCS)
Certified HIPAA Security Professional (CHSP) (I authored the training)
Certified Business Continuity Professional (CBCP)
Certified Cyber Resilience Professional (CCRP) (I co-authored the training)
FBI InfraGard Member
Hundreds of cybersecurity compliance assessments of healthcare, non-profit, financial services, defense contractors, K-12 and Higher Education, and more
Decades of Experience Leading Compliance for MSPs
Helping MSPs and vendors build compliance offerings that greatly increased their acquisition value
Expert witness and consultant for cybersecurity and compliance lawsuits
I’ve seen MSPs lose contracts, get fired, and face serious legal consequences because they didn’t know what they didn’t know. The guidance I provide is actionable, not just more confusing gobbledegook.
Don’t be the next one.
© Copyright 2025 | Mike Semel, Complianceologist