At a recent TMT event, we featured a panel including Vector Choice CEO Will Nobles, Vector Choice Chief Compliance Officer Jon DePerro, Taylor Johnson PL Partner Jennifer Morris, Innovative Technologies Owner Paul Tracey, and Executive Director of the Mid-State Group Rusty Goodwin.
These panelists discussed the best ways to sell compliance-as-a-service.
Will Nobles: How do you sell compliance as a service?
Jon DePerro: There is a relationship with clients that smaller MSPs have, and that the big MSPs don’t. I believe it’s that personal relationship that really helps you to sell compliance as a service to your clients. I sell compliance by not just selling a list of ‘do-outs’. What I’m selling is a partnership. I really do go in with clients saying, “I’m going to spend the time to get to know you and your whole team. We’re going to figure out what your business goals are. I’m going to find all your compliance requirements. I’m going to be that partner in your long-term success.” So truly what I sell is that relationship. I’m selling a relationship that our company, Vector Choice and your XYZ Company, are going to be on this journey together.
Of course, everything your client needs is not going to happen overnight. You manage expectations and compliance. If I do compliance, a full audit, and if I put my federal hat back on, you’re only as good as the moment I signed it because we all know every minute after that you’re slightly further and further out of compliance. So this has to be a journey. You get that good partnership and they’re going to fire all their other incidental IT companies like their VoIP and mobile device management providers. It’s going to be too hard to navigate having different companies, handling different systems when they could have one provider manage everything.
When I am trying to gain a new client, I would go in and maximize on selling compliance as a service in every way I can. I would give people amazing deals, because I know when we start remediating for them, I’m going to gain their business with all their MSP work as well. My approach is to provide business solutions that enable a company to succeed, and do what the other companies they’ve been paying, haven’t done for them.
Will Nobles: But it’s not a one time thing is it?
Jon DePerro: We may sell it in phases. For instance, starting with the gap analysis phase, the remediation phase, and then the compliance in a month-to-month management phase. It’s okay to gain their business in these phases. But the message I’m selling from day one is that I’m trying to get to compliance as a service and gain every bit of a company’s MSP spend. That’s my goal. All the other small work you do, is just part of the work you have to do to get there. You have to earn their trust. Those are all things we do at Vector Choice.
There’s always going to be a discovery phase where you have to understand their goals and you align them with a solution. So again, it’s a solution-based long-term play that you need to be selling from day one.
Will Nobles: Paul, what’s your opinion on how to sell compliance as a service?
Paul Tracey: So I would just piggyback on what Jon said, by asking a general thought question. “What does Jon need in order to involve the current MSP, (if there is one), in selling the client compliance?” You could have your next QBR with your client and they could tell you that they’ve outsourced compliance to another company. The point is that you can have a different conversation. You’re not talking about tools and patch management. Nobody wants to talk about that in the first place. And secondly, Microsoft is about to commoditize that right out of existence anyway. So where is your MSP going to differentiate? Where are you going to have different conversations that aren’t centered around tools, maintenance work, and patching machines that are going to literally take someone else’s business? The answer is compliance as a service. You don’t need those other things. A client can keep their existing MSP and to me that’s fine. Because I’m going to come in and sell compliance as a service and through building that relationship, I’m eventually going to own all of the other business possible from that one client. It’s just a matter of time.
Will Nobles: Rusty, What else from an insurance standpoint do we need to know about?
Rusty Goodwin: Well, I kind of want to address the same question Jon and Paul addressed about how to sell compliance as a service. First, one of the greatest things you can do for the C-suite level people, because they are the ones writing the checks for this. They aren’t usually going to understand most of the IT space jargon. They will just want to know why there are more zeros on the check they’re writing, than there were the last month. So in our business, what we’re trying to do is work with the people who are trying to forecast where their businesses are heading. When it comes to things like health benefits, car insurance, cyber liability, or compliance… CEOs know they’re going to have to spend a lot of money. What they hate is volatility. What they hate is not being able to actually plan. And by putting the right kind of compliance steps in place, making yourself a harder target, and having those layers of security and compliance, you’re really reducing the likelihood of that massive volatility.
For example, consider a client I worked with that ran a medical center. I told her to consider if there were to be a breach in her medical center. They were spending quite a bit of money with their MSP and they didn’t think they needed to go through any steps for compliance… Well, let’s just pretend there were no HIPPA fines, that one of your rich patients paid any civil penalties there were, and all you had to do is pay for notification, and that’s the only check you had to write… If it’s about $150 per name, then tell me how much that would cost you? She said that would be $3.7 million. I then asked what her cyber liability policy would cover and she said that it was a quarter of a million dollars. Which that’s great. However, I had to ask if that $3.7 million expense would be a bankrupting event? In other words, would that be volatile enough to put her out of business? And she said, yes.
So for me, I approach it from this whole risk management position. It’s not just the risk of liability, it’s the risk of losing money, and losing your business. I also asked what would be the public relations cost to her? How would her patients feel about someone else having their data. To me, this is the best approach to take when talking to the people who don’t understand 90% of what you do. This is an example of the perspective you can put things that can actually make sense to them in helping give them reasons to be compliant.
Then their carrier likes them better, their broker likes them better, and rates are less volatile. Again, by removing volatility, the chances of a breach are less likely, which lowers volatility. And so you’ve got a real winning proposition here and can go sell from that alone. It has nothing to do with a stack of something you want to sell them. However, now you will sell them those things because to accomplish those goals, there will be some tools that you need to put in place. But that’s not where I start. I start with how much are you sick of writing checks for things that aren’t unnecessary?