IT Management Based on Compliance Is a Smart Strategy

One MSP moved past a growth plateau by putting compliance at the center of its offerings.

Paul Redding, CEO of Carlin Bradley, technology management services provider in Memphis, TN, says for their clients, managed IT services and security start with addressing compliance.

Redding says Carlin Bradley made the transition to managed services over the past decade, after getting “the message that recurring revenue, not break/fix, is the best model.” He says after several years as a managed service provider (MSP) business, however, the company’s growth plateaued. Partnering with Compliancy Group helped to turn that around, and for the past few years, Carlin Bradley has focused on compliance as a core value.

The Process

Carlin Bradley performs paid assessments for prospects, which reveal what they need to comply with the regulations or standards that govern their industry. Carlin Bradley follows up the assessment with a proposal for managed IT and security services that will bring them into compliance.  “We tell them which tools we’ll use to close the gap, like a firewall, physical alarm system, endpoint security, or email security.”

Redding says it’s smart to focus on providing compliance for the primary industries you serve, rather than attempting to manage compliance for all types of companies. Carlin Bradley primarily focuses on providing services to businesses in the healthcare, engineering, and manufacturing verticals. “It’s IT management based on compliance,” he says. “The evolution is Compliance as a Solution.”

Setting Expectations

Redding says selling compliance services has become easier since updates to HIPAA and enforcement of the EU’s General Data Protection Regulation (GDPR), NIST SP 800-171, and other regulations. “Businesses are becoming more afraid, but they’re not sure what they’re afraid of,” Redding comments.

He says when you’re meeting with prospects, it’s vital to talk to all stakeholders, which may include the controller, operations officer, and administrators, rather than just the business owner. “You need to talk to people who recognize that compliance is essential to business, and they need someone who can keep them out of the news and help them to continue to make money,” Redding says.

Redding says red flags go up if the prospect begins to question parts of the package you propose or wants to eliminate services. “Defend your solutions,” he says. “If they knew how to do it, they wouldn’t have called you in the first place.” Carlin Bradley won’t work with businesses that want to alter the comprehensive approach to compliance that they propose. “You can’t strip out things and pass audits,” he says.

He points out, however, that his business has 90 percent sales conversion: “It comes down to dollar value. What we provide versus what it would cost them to pay someone in house to do it.” Redding adds, “We don’t sell products or services. We sell compliance solutions.”

Selectivity when it comes to clients and moving to all-inclusive managed services packages that address compliance are helping Carlin Bradley grow, but the company’s goal isn’t to become a huge conglomerate. “We just want to be a voice in the transition the industry is making,” says Redding.