Third Party Risk Archives - IT Glue
https://www.itglue.com/blog/category/cybersecurity/threats/third-party-risk/

Using Risk Assessments in Sales
https://www.itglue.com/blog/risk-assessments-sales/
Fri, 19 Jul 2019 19:19:35 +0000

Last week, we highlighted how risk assessments bring value to your quarterly business reviews, but that’s not the only good use for risk assessments. They can also be used to help with the sales process, and even with prospecting. Given that marketing and sales remain perpetual challenges for MSPs, anything that helps improve these processes is definitely worth exploring. So how do risk assessments help with your sales and marketing efforts? Let’s take a look.

A risk assessment is one of those critical pieces of documentation that can showcase the competitive value your MSP can provide to a client. By providing a sample risk assessment, a prospective client understands how thoroughly you will defend their environment – especially if you identify risks that they were not previously aware of. Quantifying those risks will reinforce this point further. The additional value of risk assessments in revenue generation is that they showcase your professionalism, and allow you to make specific, direct proposals to your prospects that address the issues that concern them. Here’s why this matters:

The MSP industry is becoming increasingly professional, and a couple of emerging key trends matter here. First, more MSPs are concerned about price competition. That’s because MSPs are facing an increasingly competitive landscape when trying to close deals. With intensifying competition putting the squeeze on margins and making it harder to close deals, MSPs need to be better equipped during the prospecting process.

The risk assessment can get you on the same page as your clients and facilitate early buy-in, even before they sign. This is a key component to having a smoother time migrating the new client’s stack. If you don’t get this buy-in, you’ll probably face a lot more pushback. This is the shared accountability model, and it allows you to put your new clients on the path to a standardized stack right away, for the benefit of everybody.

Remember that if you get your clients all on the same stack, your service costs will go down, and service standards will go up. If you’re using the best stack, then you can highlight the risks associated with the legacy tech the prospect is using.

Despite their value, risk assessments can’t achieve this alone, but they are a valuable tool you can use to support the arguments you’re making. To learn more about documenting risk in IT Glue, please check out the other posts in the risk management series, or sign up for a demo.


IT Glue’s award-winning documentation platform allows for efficient storage and retrieval of all the documentation you need to help managed service providers increase efficiency.

Using Risk Assessments in QBRs and SLA Reviews
https://www.itglue.com/blog/risk-assessments-qbr-sla/
Mon, 15 Jul 2019 21:18:06 +0000

Risk assessments are a great opportunity to highlight the need for investments and upgrades, so use them in QBRs.

Now that you’ve got a sense of how to track risk, and how to structure your risk assessments in your documentation system, the next step is to start getting genuine value from them. In this blog post, we’ll talk about two ways to do that, in QBRs and in SLA reviews.

Whether the SLA review is part of a quarterly business review or not, risk assessments can be used to showcase a few different things for your clients. First, the risk assessment can be used to highlight opportunities for improvement. Now, clients aren’t inherently receptive to risk mitigation, especially when doing so increases work on their end (hands up if you’ve had extended “debates” with a client about the merits of 2FA).

In situations like this, you can show how making hardware or software changes would improve your tech’s ability to hit SLA targets while simultaneously reducing risk for the client. “Noisy” environments tend to create more risk, because it is harder to service clients with a wide variety of overlapping tech. If a little extra work on the client end reduces downtime and resolution time, the risk assessment can be part of the supporting evidence to make your case.

A quarterly business review (QBR) is a more formal conversation, one that should go beyond just the SLA review. The QBR is a great place to highlight the shared accountability model – your clients are also responsible for security and performance, because they have to sign off on the decisions that you make. Continuous improvement projects can be moved forward more easily if you have formal risk assessments that you can present as a precursor to the discussion about the solutions you wish to implement.

This conversation, based on risk assessments and an evaluation of which changes need to be made to reduce needless risk, should occur regularly and be a key driver for change. One of the biggest values of risk assessments is that they lie right at the heart of your clients’ business objectives. They want uptime, they want fast resolution of problems, and they are looking for you to deliver these things. If your recommendations can be tied back to these overall objectives in a formal way, you’ll have a much easier time motivating your clients’ senior management to adopt your recommendations. It turns what would otherwise be a sales conversation into a service conversation, which for most MSPs is an easier conversation to have.

The risk assessment, when used in SLA reviews and QBRs, can be an effective means of supporting the decisions you want your client to make. It is evidence that you are on top of your clients’ environments and working proactively so that you never have to face a crisis together. That’s powerful value.

Next week, we’ll continue this series by taking a look at how risk assessments can be used in sales conversations. There’s nothing better than making the sales conversation easier, so be sure to check back in a week for that.

To learn more about how IT Glue can provide a springboard for meeting all of your documentation needs, why not take a look at our demo.

How to Structure Risk Assessments
https://www.itglue.com/blog/how-to-structure-risk-assessments/
Thu, 27 Jun 2019 20:48:30 +0000

What should a risk assessment look like? Risk assessments are a critical part of risk management. After all, you can’t manage what you don’t know about. There are a lot of different ways to structure a risk assessment, but at the end of the day some methods deliver more value than others. In this second part of our series on risk management, I Thought You Were Taking Care of That, we discuss how to structure risk assessments so that you can get the most value possible from them.

The Four Pillars

There are four pieces of information that should be included in every risk assessment. They are importance, category, RPO/RTO and impact.

Pillar #1: Importance
The best way to define importance is by the amount of time lost if the event occurs. The reason is simple – the biggest cost to your clients is downtime. Downtime affects your clients’ capacity to sell, market, and run their operations. If your client loses its system for taking credit card payments online, and it has a major e-commerce business, then any downtime to the credit card payment system is critical. Other systems may not be as important. Prioritize risks by how important the affected item is to the business.

Pillar #2: Category
Category reflects the functional line of the business. If possible, risks should be broken down by functional line, and the functional lines should be confirmed with your clients’ management. This helps you guide the conversation so you can talk to the right manager about the risks that they, specifically, face.

Pillar #3: RPO/RTO
Recovery point objective (RPO) and recovery time objective (RTO) should be included in every risk assessment. As the service provider, you need to know what standards the client is going to judge your performance by. If those standards are not realistic, knowing ahead of time gives you an opportunity to get in front of that conversation. But more important, having RPO and RTO standards documented means that your techs understand the client’s business from the client’s perspective, and can act accordingly.

Pillar #4: Business Impact
The final piece of the risk assessment structure is the business impact. Again, this is a matter of asking your client this question, and listening to their answer. They know better than anybody what the business impact of something might be. Losing Salesforce or 365 for an hour could cripple one client, and not matter that much to another. Understanding the business impact allows you to put your clients’ reactions to problems into proper perspective.

Documenting Risk Assessments

This simple four-part structure can be documented easily in IT Glue, or in Excel should you prefer the old school approach. But no matter how you document it, ensuring that your risk assessments are easy to find, easy to understand, and have been written with substantial input from key stakeholders at your clients makes all the difference in the world in terms of optimizing your risk management program.

To learn more about how IT Glue can help streamline risk management at your MSP or internal IT team, we invite you to demo our full documentation platform. Are you in?


IT Glue is an award-winning documentation platform that allows for efficient storage and retrieval of all the documentation you need to help your MSP run better. By integrating PSA and RMM data, we can help increase your efficiency, and reduce onboarding times by even more. By eliminating wasted time from your business, IT Glue gives you more time to focus on what matters – growing your business.

How to Track Risk
https://www.itglue.com/blog/how-to-track-risk/
Tue, 25 Jun 2019 20:14:47 +0000

“I thought you were taking care of that!”

When a client tells you that, you know you’re going to have a fantastic conversation. That’s because something bad happened, and revealed a common disconnect between IT service providers and their clients. The client assumes that the IT service provider handles every single aspect of IT service, including everything security related. You, the IT service provider, probably have a more realistic view.

But in a way, the client has a point. It’s not their fault if they are unaware of the risks. And how would they know what you are handling if you don’t tell them? This is where the risk assessment comes into play. The first stage of the risk assessment is identifying and tracking risk.

Not All Risk is Created Equal

To appropriately understand risk, examine the two dimensions – odds of it happening and outcomes if it does. Outcomes can be graded in terms of their impact on your client’s business or brand. Consider the following scale:

Critical: Downtime of more than 1 hour begins to critically affect operation/brand
High: Downtime of more than 4 hours begins to negatively affect operation/brand
Moderate: Downtime of more than 8 hours begins to negatively affect operation/brand
Low: Downtime of 24 hours or more does not negatively affect operation/brand

Once you’ve categorized each risk by its business impact, you can start to look at likelihoods. We know, for example, that a Datto survey found that 91% of MSPs had a client hit by ransomware in the prior 12 months, so those odds are, uh, not good. If the business impact is high or critical, then ransomware protection has to be a high priority item for that client.

Tracking Risk

There are a couple of ways to track risk. The old-fashioned way, of course, is the good ol’ Excel spreadsheet. If your spreadsheet is in O365 or Google Docs, you can share it with key stakeholders and everything. Right on.

We recommend using IT Glue. Risk can be tracked by organization, using a custom Flexible Asset. Here’s an example.

[Image: ITG risk profile documentation]

This can also be shared with key stakeholders, it’s easy to search, and it lives with the rest of your documentation. That’s important because it’s a lot easier to find a risk profile in IT Glue than a spreadsheet buried deep in some folder tree, and having it in the same place as all your other documentation means it’s only a click away.

Using a consistent format to track risk also makes it easier to have the risk conversation with your clients. Consistency means that if someone’s done it once, they can do it again. It’s a repeatable process.

So how do you have the risk conversation? We’ll talk about that next week.

To learn more about how IT Glue can improve the quality of your documentation, including risk profiles, sign up for a demo today!
