ScalePad is proud to announce SOC 2 Type II and ISO 27001 compliance certifications for its products Lifecycle Manager, Lifecycle Insights, Backup Radar, ControlMap, and newly certified for 2025, Quoter. This milestone reinforces ScalePad’s unwavering dedication to upholding the highest data security, privacy, and integrity standards for its global customer base.
New for 2025: Quoter
SOC 2 Type II and ISO 27001 compliance certifications for Quoter have been added.
How did we do it?
Using ControlMap, the same tool that we recommend for you to help your own clients on their compliance journey.
ControlMap also makes it (relatively) easy and painless to collect evidence to maintain compliance for our other ScalePad products that were already compliant, showcasing controls and evidence and sending that data to our third-party auditor.
If you’re curious about Compliance-as-a-Service as an opportunity to grow your MSP, definitely take the time to go through ScalePad’s free Compliance as a Service Boot Camp and learn more.
What does this mean for you, our ScalePad Partners?
It means we’ve been through the serious annual audit and evaluation process, ensuring Quoter, Lifecycle Manager, Lifecycle Insights, Backup Radar, and ControlMap meet top-tier global standards for keeping your data secure.
With these certifications in place, you can feel confident knowing your MSP’s data is protected from threats and vulnerabilities, allowing you to stay focused on growing your business.
Where can I learn more about product security at ScalePad?
Head over to scalepad.com/security to confirm these words for yourself. Grab our updated Security Whitepaper, ISO certificate, and SOC 3 Report and verify we’re walking the talk.
Our downloadable SOC 3 report for ScalePad covers Lifecycle Manager, Lifecycle Insights, ControlMap, Quoter, and Backup Radar. The download link below will open a new tab for you to view.
SOC 2 Type II compliance verifies that ScalePad’s systems and processes safeguard Partner data against unauthorized access, use, and disclosure. Similarly, the ISO 27001 certification demonstrates ScalePad’s commitment to implementing comprehensive information security management systems, encompassing policies, procedures, and controls to manage and protect sensitive information.
“Cybersecurity isn’t just a box to check; it’s a guiding principle,” said Zach Keller, CFO of ScalePad. “Achieving SOC 2 Type II and ISO 27001 compliance reinforces our commitment to maintaining and continuously improving our security measures. This commitment to rigorous standards demonstrates our dedication to enhancing security practices in response to evolving threats.”
“Elevating security posture while cultivating trust is at the heart of what cybersecurity compliance is all about,” said security compliance expert Dan Fox, who also works as a lead in cybersecurity education for Scalepad’s ControlMap team. “ScalePad’s commitment to security and protecting our partner ecosystem is emphasized through the implementation of best practice frameworks such as SOC 2 and ISO 27001, thanks in part to ControlMap, our Security Compliance management solution used by thousands in the MSP community, including ourselves.”
Furthermore, SOC 2 Type II compliance provides a higher level of assurance that data is being protected consistently over time. By undergoing a thorough Type II audit, ScalePad identifies and addresses potential security risks and vulnerabilities, mitigating the likelihood of data breaches and financial losses. Additionally, ScalePad’s compliance with SOC 2 Type II standards supports its Partners’ efforts to maintain regulatory compliance across various industries, including GDPR and HIPAA, by providing evidence of robust security and privacy controls.
For more detailed information about ScalePad’s commitment to product security, including our Security Whitepaper, please go to scalepad.com/security.
Quickly and painlessly – ScalePad used our own product, ControlMap, to simplify our journey to cybersecurity compliance. The same multi-tenancy and templated frameworks that can help your MSP get your clients compliant helped ScalePad rapidly get multiple products compliant across two different-but-complementary frameworks.
Using ControlMap’s automated evidence collection functionality, the audit required for SOC 2 Type II compliance and the surveillance audit for ISO 27001 was straightforward. The controls, policies, and procedures were already in place, along with automated monitoring of dozens of integrated systems.
ControlMap provides ScalePad with a single platform to manage everything compliance-related internally at our organization and can enable you to do the same for your MSP’s clients. Whether you already work with clients in regulated industries or aspire to expand your service portfolio to include compliance services, ControlMap gives you the tools to get compliant yourself and to generate recurring revenue by helping your clients along their compliance journey.
We’re excited to announce that ControlMap, currently SOC 2 audited and ISO 27001 certified annually, has begun the process to expand its security posture to include FedRAMP Moderate equivalency. Over the last quarter, the ScalePad security team has completed its annual audit cycle and conducted an assessment of the NIST 800-53 requirements for FedRAMP Moderate equivalency, including incorporating those requirements into the organization’s policies, procedures, and controls for the following year.
FedRAMP (Federal Risk and Authorization Management Program), based on NIST 800-53, is the U.S. government’s standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This widely recognized framework is designed to ensure that cloud offerings used by government agencies meet these strict security requirements. ControlMap and ScalePad’s goal is to help support partners by meeting one of the most rigorous cybersecurity compliance standards available.
Note: ControlMap already includes the FedRAMP framework within the platform, allowing partners to build and manage assessments aligned with FedRAMP requirements. What’s new is that ControlMap itself is now pursuing FedRAMP Moderate equivalency authorization—a formal designation demonstrating that our own platform meets the security standards required for federal cloud service providers. This adds an extra layer of trust for partners working in regulated industries or supporting clients in the public sector.
In the future, it will be easier for our partners to:
If you’re already managing frameworks like SOC 2, ISO 27001, or HIPAA, you’re ahead of the game—ControlMap’s automated crosswalks and assessment + evidence reuse mean you won’t need to start from scratch. This authorization will help support our partners—especially those working toward CMMC 2.0 or serving clients in government-regulated industries—with an even stronger foundation of security and compliance. ControlMap already supports several NIST frameworks, including NIST CSF, NIST 800-53, NIST 800-171, FedRAMP, NIST AI, and CMMC 2.0. ControlMap also plans to support the automation requirements for the new emerging assessment process FedRAMP 20x.
The authorization process is underway. We’ll share updates as we hit major milestones, and once FedRAMP is finalized, we’ll make sure our partners can fully take advantage of it.
Not a ControlMap partner yet? Join us for a personalized demo, or check out this quick overview here.
We’re excited to announce that ControlMap has been selected by GTIA (formerly CompTIA) as a featured platform in their GTIA Cybersecurity Trustmark Program.
Trustmark is a cybersecurity assessment program designed specifically for MSPs. Unlike traditional enterprise-focused standards, Trustmark is built to reflect MSPs’ unique realities and needs.
It offers a streamlined, auditable, and cost-effective path, blending elements from multiple established frameworks—including ISO 27001, CIS, and NYDFS—into one cohesive standard. The goal? Helping MSPs demonstrate their security posture without the cost and complexity of something like SOC 2. ControlMap is now listed in the GTIA Trustmark Marketplace.
ControlMap users will see the Trustmark framework appear in-platform in early May 2025. To use the framework within ControlMap, you’ll first need to register for the Trustmark program through GTIA. You can learn more and submit your interest directly through their website:
GTIA offers a transition window for MSPs currently working with other approved platforms to migrate to ControlMap.
Book a demo if you want to migrate to ControlMap or explore how we support Trustmark assessment—we’re happy to help.
We’re excited to introduce the Executive Dashboard, a centralized, high-level view for MSPs managing multiple client tenants in ControlMap. This dashboard surfaces the most critical insights across your portfolio, making it easier to drive client accountability, manage workloads, and spot new opportunities for service expansion. The old dashboard will still be accessible via the toggle option at the top right corner of the page.
Compliance doesn’t scale well without visibility. MSPs often juggle dozens of client environments, each with its own pace, bottlenecks, and gaps. The Executive Dashboard distills that complexity into actionable insights—giving you back hours otherwise spent digging through tenant workspaces. It’s the foundation for managing compliance-as-a-service at scale.
Every tenant now has a summarized health score based on framework progress, task status, evidence completeness, and more. It gives you an instant read on overall compliance posture—perfect for spotting red flags or highlighting strong performers.
✦ Use case: Use this score to prioritize client outreach, flag accounts at risk, or track improvement over time.
Get a clear picture of how far along each tenant is in completing their framework assessments (e.g., CMMC, NIST 800-171). This helps you quickly identify which clients are falling behind, which are ready for audit preparation, and where to prioritize effort.
✦ Use case: Build proactive check-in cadences around the slowest-moving tenants to keep momentum up.
View each tenant’s policy landscape—how many policies are created, completed, or still pending. Since documented policies are a baseline requirement for any compliance framework, this gives you early visibility into tenants who may be at risk of non-compliance.
✦ Use case: Turn policy gaps into consultative conversations and offer white-glove support for policy creation or templating.
Know at a glance how much supporting evidence each tenant has submitted. Since evidence is often where audits succeed or fail, this insight helps you catch missing documentation early and prepare for smoother third-party reviews.
✦ Use case: Reinforce platform engagement by nudging clients who haven’t completed assigned tasks.
Track all upcoming or overdue actions across tenants in one place. This helps your internal team prioritize the most time-sensitive deliverables and address bottlenecks before they affect audit timelines.
✦ Use case: Allocate team bandwidth more effectively by planning around due dates across multiple clients.
See which frameworks are in use across your client base and how far along each tenant is in their journey. This helps with strategic account planning, identifying upsell opportunities, and aligning clients to appropriate frameworks based on their growth stage.
✦ Use case: As clients mature, recommend framework expansion (e.g., adding NIST CSF to an existing ISO 27001 tenant).
📄 Coming Soon: A downloadable, client-ready Compliance Health Report is already in the works. Soon, you’ll be able to export key insights in a polished format—perfect for sharing with clients or using in internal planning sessions.
Log in to ControlMap to check out the new dashboard! Not a ControlMap partner yet? Join us for a personalized demo, or check out this quick overview here.
ScalePad has launched the next step towards a unified experience across our product suite – the ScalePad Hub. Now, all ScalePad app users have access to all of their products through a single centralized account, which we’re calling the ScalePad Hub.
The ScalePad Hub is a centralized portal for all ScalePad apps – it is the entry point into the ScalePad app ecosystem for Partners. It’s the first step in our vision of an integrated product suite that allows seamless flow of crucial data & information between our apps.
We strive to provide our Partners with the most advanced automation so they can spend less time cobbling together data and more time on high-value work that supports their clients. The ScalePad Hub is a stepping stone into tighter app integrations, expanded automation, and an enhanced experience for all of our Partners – something we’re calling the ScalePad OS. We have lots more in store (read more at the bottom of this update) and the ScalePad Hub is the foundational first step.
The Hub grants ScalePad Partners the following:
Partners with subscriptions to multiple ScalePad applications can now quickly navigate between apps without the need to sign in to separate app-specific portals. Users will only have to sign in to the ScalePad Hub once to have access to all of their apps from their account by centralizing the access point for all the apps, Partners no longer have to store multiple app-specific credentials or bookmark several sign in pages – every ScalePad app can be accessed from a single screen (or pane of glass for those who prefer the term… we know it’s polarizing).
From within any ScalePad account, users can seamlessly navigate to their other subscriptions. Partners only need to click the Bento Box menu in the top nav to quickly open any of their other subscribed apps. A centralized sign in streamlines app switching as there is no longer the need to enter another set of credentials from another sign in page.
The ScalePad Hub is the portal for adding new users and granting them permission to access the apps necessary for their role and responsibilities. Admins are able to manage their ScalePad app users from one place, easily update their entitlements, and enforce security settings for MFA and SSO. Individual users can update their profile details, password, and MFA settings all in the ScalePad Hub.
Note that access permissions to specific features in each app are still configured in each app. The ScalePad Hub simply adds (or removes) users to each Partners ScalePad account. The individual app-based permissions are still managed in each app. For more details, visit our new ScalePad Hub help center.
Within the ScalePad Hub, Partners are able to manage their ScalePad app subscriptions and entitlements. On the Billing tab, you will be able to view details of your current ScalePad subscription, manage your plans, and even add new ScalePad apps into your stack.
The URL for the ScalePad Hub is app.scalepad.com. As of November 20, 2024, all users signing into their ScalePad apps will be automatically redirected to app.scalepad.com for sign in.
From within your ScalePad apps, clicking on the ScalePad icon in the top nav bar will take you back to the Hub.
We have answers! Visit this FAQ to find the answer to all your questions about the ScalePad Hub. You can also find more detailed information in our new ScalePad help center or get in touch with our team at [email protected].
The launch of the ScalePad Hub sets the stage for unifed billing. Over the next few weeks, we’ll be migrating to a centralized billing system so Partners can manage all of their app subscriptions in one place. Keep an eye out for in-app messages as we migrate each apps billing to the ScalePad Hub.
At the ScalePad Innovate event in June, we outlined our vision for the ScalePad platform – a deeply integrated suite of apps that helps MSPs truly grow while providing the highest level of service to their clients. The Hub is just the first step towards achieving this vision.
We’ll continue working on the rest of the ScalePad vision, which includes developing the ScalePad OS to unify integrations in the Hub instead of each separate app. This is a critical piece of our platform that will connect your tech stack to all of our apps internally to allow free flow of information to eliminate information silos. Keep an eye on our updates page for more exciting releases as we continue rolling out enhancements to our product suite.
ScalePad will be hosting our next All Partners Conference, Ignition, on January 23. Join us as we bring insight into the key trends, challenges, and opportunities for MSPs. We’ll also be giving a peek into our 2025 product roadmap. Register here to save your seat for this virtual event.
Ever wish you could just hit “copy and paste” for tenant setups? Now you can! With ControlMap’s new tenant cloning feature, you can replicate entire tenant configurations in a few clicks — no more manual setups.
Setting up a new tenant can be time-consuming, but with tenant cloning, you can duplicate entire setups— settings, controls, and policies.
Tenant cloning is available now! Head to your ControlMap dashboard and pick the tenant you want to clone.
Managing Security Awareness Training (SAT) for clients can be a tedious task for MSPs. ControlMap simplifies this by integrating with Huntress Managed Security Awareness Training, a leading SAT platform, allowing MSPs to pull SAT data directly into ControlMap.
Huntress Managed Security Awareness Training delivers engaging, animated episodes designed to educate users on staying secure online. With this integration, MSPs can now pull SAT data into ControlMap, reducing the need for manual tracking.
Once connected, ControlMap pulls the following training data from Huntress Managed Security Awareness Training every week:
Bring the power of Huntress Managed Security Awareness Training and ControlMap together today. Log in to ControlMap to activate the integration. For more information on how this integration can elevate your compliance management, request a demo.
ControlMap has introduced dark mode, designed to enhance your experience by providing a more comfortable and customizable display option. Dark mode offers an alternative view that can make longer sessions on the platform easier on the eyes.
1. Click on the profile icon in the top right corner.
2. Click on appearance.
3. Select the appearance option – dark mode, light mode, or match system settings.
Turn on dark mode in ControlMap and enjoy a more customizable, user-friendly experience.
ControlMap now supports the NIST SP 800-161r1 framework, enabling MSPs to manage supply chain cybersecurity risks for their clients.
NIST SP 800-161r1, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” is a standard developed by the National Institute of Standards and Technology (NIST) to help organizations manage cybersecurity risks throughout their supply chains. This framework provides guidelines for integrating cybersecurity supply chain risk management (C-SCRM) into broader risk management activities, covering everything from policy development to risk assessment and mitigation strategies.
The framework is designed to help organizations identify, assess, and mitigate supply chain risks, ensuring their systems and services’ security, resilience, reliability, and integrity. It applies to both information technology (IT) and operational technology (OT) environments.
Comprehensive Supply Chain Risk Management
NIST SP 800-161r1 offers detailed guidance on managing cybersecurity risks across the supply chain. This includes developing risk management plans, implementing security controls, and conducting regular assessments, helping organizations minimize vulnerabilities.
Enhanced Resilience and Reliability
By adopting NIST SP 800-161r1, organizations can ensure the security and reliability of the products and services they procure. This helps prevent potential disruptions caused by supply chain attacks and provides a more resilient infrastructure.
Alignment with Federal Standards
The framework helps organizations, especially those in the federal supply chain, to align with federal standards and requirements, ensuring compliance and enhancing trust with government partners.
It’s time to help your clients strengthen their cybersecurity posture and manage supply chain risks more effectively. ControlMap Partners can now import the NIST SP 800-161r1 framework to their clients’ tenants, cross-map against existing frameworks, and address supply chain risk management gaps. Log in to ControlMap to get started with NIST SP 800-161r1 today.
For more information or to learn about enhancing your vCISO services with NIST SP 800-161r1, request a demo.
