Guest Column | October 26, 2015

Compliance-as-a-Service Can Drive Vertical Market Opportunities


By Miles Jobgen, Director of Trustmarks, CompTIA

How well does your IT firm support legal firms, banks, retailers and other customers? Not just their computers, networks, and the applications that manage their information and allow them to run their daily operations — but everything they need to meet local, state, and federal regulations as well as industry guidelines. That’s the ultimate recipe for channel success.

The IT industry continues to shift. With cloud and managed services reducing the cost of entry and a host of direct sales vendors crowding the market, these formerly lucrative offerings are becoming more and more commoditized with each passing year. Businesses simply have more options for spending their technology dollars today. Laptops and tablets are readily available through online retailers and they can set up basic file sharing accounts on their own, or they can just contract with their local phone company for a variety of services formerly offered only through managed services providers (MSPs). That is rapidly diminishing the value of solutions providers who aren’t differentiating and molding their business models to meet the needs of their specific clientele.

Today’s customers need help with design, procurement, implementation, training, and ongoing support. Each can make your business stand apart from the masses, and improve the value of your organization to current and prospective clients. But those who want to go further along on the channel evolution scale address their customers’ “biggest and hairiest” pain point: compliance.

Aside from growing their revenue, meeting local, state, federal, and industry-related mandates and rules is typically the largest challenge for any organization. For SMBs with few resources and less ability to keep up with all the changes each year, solutions providers who can manage that aspect of their business are invaluable. Of course, if it were that easy, every VAR and MSP would be doing it.

Go Vertical, Go Deep

The truth is, any provider can offer “Compliance-as-a-Service” to their customers. It would typically be offered one of two ways: (1) included as part of the company’s overall IT services offering or (2) sold as part of a separate, billable practice. The latter could include an industry assessment, consultation, and project work that brings the customer into compliance with the appropriate rules and regulations.

Before spending an inordinate amount of time and other resources building out these portfolio options, solutions providers should thoroughly evaluate the opportunities in their own local markets. What investments and development steps will be required to develop an effective compliance-as-a-service program for that target audience? How will they promote their newfound expertise?

Here are a couple of best practices to consider:

  • Become a vertical market specialist: rules and regulations can vary significantly from one industry to the next, so find out which type of customers would pay for (or simply value) compliance support. Some verticals are more regulated than others and, if the costs associated with non-compliance are high, the value of your expertise will be easier to convey. Which customers are the most likely prospects?  
    • Healthcare — doctors’ and dentists’ offices, hospitals, insurance brokers, and other medical professionals must comply with the privacy standards outlined in the Health Insurance Portability and Accountability Act (HIPAA). Depending on the location and other business practices, they may have to also comply with a variety of other rules and regulations.
    • Financial — the Financial Industry Regulatory Authority (FINRA) offers oversight, rules and guidelines for banks, credit unions and brokers/dealers who sell US securities. Business continuity and information security expertise are crucial areas of concern.
    • Retail, Hospitality — the PCI (Payment Card Industry) standards affect every business that accepts credit cards. Many retailers, restaurants and hotels rely on outsource partners for this expertise, tapping into their technological skills as well as their security consultation and training skills.

      In reality, most businesses have to comply with some regulation and industry standards today. Ask your current/prospective customers about any audits and paperwork they have to file, and you could uncover a variety of new opportunities. If your company can automate, validate or simplify their processes, it could lead to additional revenue streams from other clients as well.        
  • Gain industry credentials to boost credibility: without an established relationship in place, it’s extremely hard to demonstrate your organization’s reliability or experience. When promoting your compliance expertise, your organization has to be credible and demonstrate an ability to follow prescribed best practices. That’s exactly what the CompTIA Trustmarks offer: acknowledgement of a provider’s integrity and commitment to industry standards.
    • For example, the CompTIA Security Trustmark+ aligns well with other rigorous security compliance criteria. Holders can use this credential to validate their knowledge and capabilities related to network and data protection standards.
    • MSPs that attain the CompTIA Managed Services Trustmark have a similar story to tell. They agree to an industry code of conduct and have to meet a variety of criteria related to their operations and other business practices. The Trustmark is a differentiator that opens the door to discussions on strategy and compliance, allowing providers to educate prospects on the benefits of working with a responsible MSP.    

While there’s no set path for building or promoting compliance as a service as of yet, many channel firms have already invested in those types of support programs for their customers. They add a unique value proposition in a highly competitive business environment and solve a pain point many organizations either can’t or don’t address on their own. Is compliance as a service an option your customers would utilize? There’s a good chance they would.