We’re celebrating Canada Day with two product updates to ControlMap 🇨🇦
These updates help meet local data residency expectations and stay aligned with evolving national certification standards.
You can now select Canada as a hosting region when creating or editing client tenants inside ControlMap. This expands our global region support to:
This addition supports MSPs working with clients that have strict data residency requirements, common in sectors like finance, healthcare, and government. ControlMap is hosted on AWS infrastructure, and the new Canadian region ensures data remains within national borders.
The CyberSecure Canada framework in ControlMap has been updated to reflect the latest release from the Canadian government. This update includes refinements to control language, framework structure, and implementation guidance.
CyberSecure Canada is a nationally recognized cybersecurity certification program designed to help small and medium-sized businesses (SMBs) adopt baseline cybersecurity practices. It draws from globally accepted standards like ISO 27001 and NIST.
With ControlMap, MSPs can operationalize the framework efficiently through:
Whether your clients are pursuing CyberSecure Canada certification or simply aligning to its principles, this update ensures your services are built on the most accurate and current version of the framework.
These enhancements are now live and available in ControlMap. For guidance on how to select the Canada Region or navigate the updated CyberSecure Canada framework, visit our Help Center.
Ready to support Canadian clients with local hosting and updated controls? Book a demo to see how ControlMap can help.
For more details on updates made in ControlMap, view the full release notes.
ControlMap has just rolled out support for the latest version of the Secure Controls Framework: SCF 2025.1.1. This framework helps you manage and align your clients with multiple regulatory requirements simultaneously, from ISO 27001 and SOC 2 to NIST and CMMC.
If your clients operate in regulated industries like healthcare, finance, education, or government, the SCF is one of the most efficient ways to unify overlapping requirements under a single, streamlined control set.
The SCF 2025.1.1 release includes 1,076 detailed controls, offering clearer, more actionable guidance across critical areas like:
This release includes updated crosswalks to industry standards and regulations, like:
ControlMap automatically cross-maps controls across frameworks, so you can reuse evidence, reduce redundant tasks, and streamline audits across your entire client base.
Several domains, including Governance, Risk, Privacy, and Vendor Management, have been refined for clarity and consistency. These structural updates make it easier to understand what’s required, how to implement controls, and how to communicate progress to your clients.
The updated SCF includes expanded guidance on interpreting and applying controls in real-world client environments. Combined with ControlMap’s built-in:
…you’ll spend less time translating compliance frameworks and more time delivering results your clients can see.
ControlMap automates the heavy lifting of framework updates, so you can focus on scaling your services, not managing spreadsheets. Book a demo to explore how SCF 2025.1.1 works inside ControlMap.
For more details on updates made in ControlMap, view the full release notes.
The NIS2 Directive is a major legislative update passed by the European Union to strengthen cybersecurity across critical and digital infrastructure. Now available in ControlMap, this framework helps MSPs guide their clients through NIS2 compliance using pre-built content, automated workflows, and audit-ready reporting.
NIS2 (Directive (EU) 2022/2555) establishes baseline cybersecurity and incident reporting obligations for a wide range of essential and important entities across the EU. This includes sectors such as energy, healthcare, finance, digital infrastructure, public administration, and more.
The Directive introduces stricter governance rules, such as board-level accountability, supply chain risk management, mandatory breach reporting within 24 hours, and oversight by national supervisory authorities. It applies to both EU-based companies and those outside the EU that provide services in the EU.
Organizations that fail to comply face penalties, including fines and reputational damage, making proactive compliance support from MSPs more critical than ever.
Launch NIS2 compliance programs faster. Use a structured, ready-to-deploy framework to get clients onboarded without starting from scratch.
Save time with pre-mapped policies and controls. Access NIS2-aligned templates for policies, risks, and controls to eliminate setup delays.
Reduce effort with cross-framework mapping. Leverage built-in mappings to ISO, NIST, and more so your work scales across clients and industries.
Stay audit-ready with real-time visibility. Monitor compliance status, close gaps quickly, and generate regulator-ready reports on demand.
Grow in high-demand verticals. Support clients in sectors like healthcare, finance, and digital infrastructure where NIS2 is now required.
You can now import the full NIS2 Directive into your clients’ tenants, map it to existing frameworks, and deliver a fully audit-ready compliance program. Log in to ControlMap to get started.
Request a demo to see how NIS2 fits into your CaaS or vCISO services if you want help integrating NIS2 into your CaaS or vCISO offering.
For more details on updates made in ControlMap, view the full release notes.
You can now generate polished, client-facing reports directly from the Executive Dashboard in ControlMap. These Compliance Health Reports are purpose-built for QBRs (quarterly business reviews) and status updates, helping you clearly communicate completed work, current status, and areas that need attention.
Each report combines assessment progress, framework completion, documentation, risk posture, and upcoming tasks, giving your clients a comprehensive view of their compliance journey without manual tracking or formatting. Reports can be customized and automated to save you time and help improve your engagement with your client. Just customize your content how you like, set a schedule (weekly/monthly, etc.), save, and go!
📊 Compliance Health Score
The report opens with a single score out of 100, summarizing overall compliance posture. This number reflects a combination of assessment results, documentation status, and evidence completeness, providing an instant snapshot of performance over time.
📉 Health Score History
A timeline view shows changes in the compliance score across the past several months. These trendlines make it easy to highlight progress or identify periods where efforts may have stalled.
🚨 Top Risks and Risk Distribution
The report summarizes the most critical risks by severity and visualizes how risk exposure has shifted over time. This section also includes counts of increased or decreased risks, giving you a way to frame both wins and areas of focus for the next period.
📚 Framework Progress Tracking
Progress toward each active framework, like NIST 800-171, ISO 27001, or HIPAA, is broken down by percentage and tracked over time. This helps reinforce the specific frameworks each client is working toward and how close they are to completion.
✅ Assessment Completion
This section shows the number of assessment items marked as Yes, Partially, No, or Not Applicable, paired with historical trends and a list of recent changes.
🎯 Objectives Progress
Displays the current status of objectives across Compliant, Partially Compliant, Not Compliant, and other states. Progress is graphed over time, helping visualize how maturity is evolving.
🛠️ Action Items Progress
This section tracks the status of all action items across the organization, highlighting how many are completed, in progress, in review, or not yet started. Showing trends over time helps teams stay accountable and aligned on what’s been done—and what still needs attention.
📂 Evidence Collection
This section shows how many pieces of evidence have been collected, are in progress, or remain incomplete. Since documentation is a critical component for audit readiness, this section helps identify where gaps still exist.
📁 Policy & Document Status
Tracks how many documents are in draft, under review, in progress, or fully approved. A separate table outlines recent updates to help teams track change activity.
📅 To Do: Top Priority Action Items
The report closes with a summary of high-priority action items, including objective references, current status, assignees, and deadlines.
How to Use It
Compliance Health Reports are now live within Reports and the Executive Dashboard in ControlMap. Log in now to try it out—or book a demo to see how it works.
With the new reporting design and technology introduced with the Compliance Health Report, the existing Assessment Report in ControlMap is also getting a visual refresh to match the new, polished look. While the content and structure will remain familiar, the updated design brings visual consistency across reports, making everything look sharper for client-facing use.
For more details on updates made in ControlMap, view the full release notes.
ScalePad is proud to announce SOC 2 Type II and ISO 27001 compliance certifications for its products Lifecycle Manager, Lifecycle Insights, Backup Radar, ControlMap, and newly certified for 2025, Quoter. This milestone reinforces ScalePad’s unwavering dedication to upholding the highest data security, privacy, and integrity standards for its global customer base.
New for 2025: Quoter
SOC 2 Type II and ISO 27001 compliance certifications for Quoter have been added.
How did we do it?
Using ControlMap, the same tool that we recommend for you to help your own clients on their compliance journey.
ControlMap also makes it (relatively) easy and painless to collect evidence to maintain compliance for our other ScalePad products that were already compliant, showcasing controls and evidence and sending that data to our third-party auditor.
If you’re curious about Compliance-as-a-Service as an opportunity to grow your MSP, definitely take the time to go through ScalePad’s free Compliance as a Service Boot Camp and learn more.
What does this mean for you, our ScalePad Partners?
It means we’ve been through the serious annual audit and evaluation process, ensuring Quoter, Lifecycle Manager, Lifecycle Insights, Backup Radar, and ControlMap meet top-tier global standards for keeping your data secure.
With these certifications in place, you can feel confident knowing your MSP’s data is protected from threats and vulnerabilities, allowing you to stay focused on growing your business.
Where can I learn more about product security at ScalePad?
Head over to scalepad.com/security to confirm these words for yourself. Grab our updated Security Whitepaper, ISO certificate, and SOC 3 Report and verify we’re walking the talk.
Our downloadable SOC 3 report for ScalePad covers Lifecycle Manager, Lifecycle Insights, ControlMap, Quoter, and Backup Radar. The download link below will open a new tab for you to view.
SOC 2 Type II compliance verifies that ScalePad’s systems and processes safeguard Partner data against unauthorized access, use, and disclosure. Similarly, the ISO 27001 certification demonstrates ScalePad’s commitment to implementing comprehensive information security management systems, encompassing policies, procedures, and controls to manage and protect sensitive information.
“Cybersecurity isn’t just a box to check; it’s a guiding principle,” said Zach Keller, CFO of ScalePad. “Achieving SOC 2 Type II and ISO 27001 compliance reinforces our commitment to maintaining and continuously improving our security measures. This commitment to rigorous standards demonstrates our dedication to enhancing security practices in response to evolving threats.”
“Elevating security posture while cultivating trust is at the heart of what cybersecurity compliance is all about,” said security compliance expert Dan Fox, who also works as a lead in cybersecurity education for Scalepad’s ControlMap team. “ScalePad’s commitment to security and protecting our partner ecosystem is emphasized through the implementation of best practice frameworks such as SOC 2 and ISO 27001, thanks in part to ControlMap, our Security Compliance management solution used by thousands in the MSP community, including ourselves.”
Furthermore, SOC 2 Type II compliance provides a higher level of assurance that data is being protected consistently over time. By undergoing a thorough Type II audit, ScalePad identifies and addresses potential security risks and vulnerabilities, mitigating the likelihood of data breaches and financial losses. Additionally, ScalePad’s compliance with SOC 2 Type II standards supports its Partners’ efforts to maintain regulatory compliance across various industries, including GDPR and HIPAA, by providing evidence of robust security and privacy controls.
For more detailed information about ScalePad’s commitment to product security, including our Security Whitepaper, please go to scalepad.com/security.
Quickly and painlessly – ScalePad used our own product, ControlMap, to simplify our journey to cybersecurity compliance. The same multi-tenancy and templated frameworks that can help your MSP get your clients compliant helped ScalePad rapidly get multiple products compliant across two different-but-complementary frameworks.
Using ControlMap’s automated evidence collection functionality, the audit required for SOC 2 Type II compliance and the surveillance audit for ISO 27001 was straightforward. The controls, policies, and procedures were already in place, along with automated monitoring of dozens of integrated systems.
ControlMap provides ScalePad with a single platform to manage everything compliance-related internally at our organization and can enable you to do the same for your MSP’s clients. Whether you already work with clients in regulated industries or aspire to expand your service portfolio to include compliance services, ControlMap gives you the tools to get compliant yourself and to generate recurring revenue by helping your clients along their compliance journey.
We’re excited to announce that ControlMap, currently SOC 2 audited and ISO 27001 certified annually, has begun the process to expand its security posture to include FedRAMP Moderate equivalency. Over the last quarter, the ScalePad security team has completed its annual audit cycle and conducted an assessment of the NIST 800-53 requirements for FedRAMP Moderate equivalency, including incorporating those requirements into the organization’s policies, procedures, and controls for the following year.
FedRAMP (Federal Risk and Authorization Management Program), based on NIST 800-53, is the U.S. government’s standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This widely recognized framework is designed to ensure that cloud offerings used by government agencies meet these strict security requirements. ControlMap and ScalePad’s goal is to help support partners by meeting one of the most rigorous cybersecurity compliance standards available.
Note: ControlMap already includes the FedRAMP framework within the platform, allowing partners to build and manage assessments aligned with FedRAMP requirements. What’s new is that ControlMap itself is now pursuing FedRAMP Moderate equivalency authorization—a formal designation demonstrating that our own platform meets the security standards required for federal cloud service providers. This adds an extra layer of trust for partners working in regulated industries or supporting clients in the public sector.
In the future, it will be easier for our partners to:
If you’re already managing frameworks like SOC 2, ISO 27001, or HIPAA, you’re ahead of the game—ControlMap’s automated crosswalks and assessment + evidence reuse mean you won’t need to start from scratch. This authorization will help support our partners—especially those working toward CMMC 2.0 or serving clients in government-regulated industries—with an even stronger foundation of security and compliance. ControlMap already supports several NIST frameworks, including NIST CSF, NIST 800-53, NIST 800-171, FedRAMP, NIST AI, and CMMC 2.0. ControlMap also plans to support the automation requirements for the new emerging assessment process FedRAMP 20x.
The authorization process is underway. We’ll share updates as we hit major milestones, and once FedRAMP is finalized, we’ll make sure our partners can fully take advantage of it.
Not a ControlMap partner yet? Join us for a personalized demo, or check out this quick overview here.
We’re excited to announce that ControlMap has been selected by GTIA (formerly CompTIA) as a featured platform in their GTIA Cybersecurity Trustmark Program.
Trustmark is a cybersecurity assessment program designed specifically for MSPs. Unlike traditional enterprise-focused standards, Trustmark is built to reflect MSPs’ unique realities and needs.
It offers a streamlined, auditable, and cost-effective path, blending elements from multiple established frameworks—including ISO 27001, CIS, and NYDFS—into one cohesive standard. The goal? Helping MSPs demonstrate their security posture without the cost and complexity of something like SOC 2. ControlMap is now listed in the GTIA Trustmark Marketplace.
ControlMap users will see the Trustmark framework appear in-platform in early May 2025. To use the framework within ControlMap, you’ll first need to register for the Trustmark program through GTIA. You can learn more and submit your interest directly through their website:
GTIA offers a transition window for MSPs currently working with other approved platforms to migrate to ControlMap.
Book a demo if you want to migrate to ControlMap or explore how we support Trustmark assessment—we’re happy to help.
We’re excited to introduce the Executive Dashboard, a centralized, high-level view for MSPs managing multiple client tenants in ControlMap. This dashboard surfaces the most critical insights across your portfolio, making it easier to drive client accountability, manage workloads, and spot new opportunities for service expansion. The old dashboard will still be accessible via the toggle option at the top right corner of the page.
Compliance doesn’t scale well without visibility. MSPs often juggle dozens of client environments, each with its own pace, bottlenecks, and gaps. The Executive Dashboard distills that complexity into actionable insights—giving you back hours otherwise spent digging through tenant workspaces. It’s the foundation for managing compliance-as-a-service at scale.
Every tenant now has a summarized health score based on framework progress, task status, evidence completeness, and more. It gives you an instant read on overall compliance posture—perfect for spotting red flags or highlighting strong performers.
✦ Use case: Use this score to prioritize client outreach, flag accounts at risk, or track improvement over time.
Get a clear picture of how far along each tenant is in completing their framework assessments (e.g., CMMC, NIST 800-171). This helps you quickly identify which clients are falling behind, which are ready for audit preparation, and where to prioritize effort.
✦ Use case: Build proactive check-in cadences around the slowest-moving tenants to keep momentum up.
View each tenant’s policy landscape—how many policies are created, completed, or still pending. Since documented policies are a baseline requirement for any compliance framework, this gives you early visibility into tenants who may be at risk of non-compliance.
✦ Use case: Turn policy gaps into consultative conversations and offer white-glove support for policy creation or templating.
Know at a glance how much supporting evidence each tenant has submitted. Since evidence is often where audits succeed or fail, this insight helps you catch missing documentation early and prepare for smoother third-party reviews.
✦ Use case: Reinforce platform engagement by nudging clients who haven’t completed assigned tasks.
Track all upcoming or overdue actions across tenants in one place. This helps your internal team prioritize the most time-sensitive deliverables and address bottlenecks before they affect audit timelines.
✦ Use case: Allocate team bandwidth more effectively by planning around due dates across multiple clients.
See which frameworks are in use across your client base and how far along each tenant is in their journey. This helps with strategic account planning, identifying upsell opportunities, and aligning clients to appropriate frameworks based on their growth stage.
✦ Use case: As clients mature, recommend framework expansion (e.g., adding NIST CSF to an existing ISO 27001 tenant).
📄 Coming Soon: A downloadable, client-ready Compliance Health Report is already in the works. Soon, you’ll be able to export key insights in a polished format—perfect for sharing with clients or using in internal planning sessions.
Log in to ControlMap to check out the new dashboard—or book a demo to see how it works.
ScalePad has launched the next step towards a unified experience across our product suite – the ScalePad Hub. Now, all ScalePad app users have access to all of their products through a single centralized account, which we’re calling the ScalePad Hub.
The ScalePad Hub is a centralized portal for all ScalePad apps – it is the entry point into the ScalePad app ecosystem for Partners. It’s the first step in our vision of an integrated product suite that allows seamless flow of crucial data & information between our apps.
We strive to provide our Partners with the most advanced automation so they can spend less time cobbling together data and more time on high-value work that supports their clients. The ScalePad Hub is a stepping stone into tighter app integrations, expanded automation, and an enhanced experience for all of our Partners – something we’re calling the ScalePad OS. We have lots more in store (read more at the bottom of this update) and the ScalePad Hub is the foundational first step.
The Hub grants ScalePad Partners the following:
Partners with subscriptions to multiple ScalePad applications can now quickly navigate between apps without the need to sign in to separate app-specific portals. Users will only have to sign in to the ScalePad Hub once to have access to all of their apps from their account by centralizing the access point for all the apps, Partners no longer have to store multiple app-specific credentials or bookmark several sign in pages – every ScalePad app can be accessed from a single screen (or pane of glass for those who prefer the term… we know it’s polarizing).
From within any ScalePad account, users can seamlessly navigate to their other subscriptions. Partners only need to click the Bento Box menu in the top nav to quickly open any of their other subscribed apps. A centralized sign in streamlines app switching as there is no longer the need to enter another set of credentials from another sign in page.
The ScalePad Hub is the portal for adding new users and granting them permission to access the apps necessary for their role and responsibilities. Admins are able to manage their ScalePad app users from one place, easily update their entitlements, and enforce security settings for MFA and SSO. Individual users can update their profile details, password, and MFA settings all in the ScalePad Hub.
Note that access permissions to specific features in each app are still configured in each app. The ScalePad Hub simply adds (or removes) users to each Partners ScalePad account. The individual app-based permissions are still managed in each app. For more details, visit our new ScalePad Hub help center.
Within the ScalePad Hub, Partners are able to manage their ScalePad app subscriptions and entitlements. On the Billing tab, you will be able to view details of your current ScalePad subscription, manage your plans, and even add new ScalePad apps into your stack.
The URL for the ScalePad Hub is app.scalepad.com. As of November 20, 2024, all users signing into their ScalePad apps will be automatically redirected to app.scalepad.com for sign in.
From within your ScalePad apps, clicking on the ScalePad icon in the top nav bar will take you back to the Hub.
We have answers! Visit this FAQ to find the answer to all your questions about the ScalePad Hub. You can also find more detailed information in our new ScalePad help center or get in touch with our team at [email protected].
The launch of the ScalePad Hub sets the stage for unifed billing. Over the next few weeks, we’ll be migrating to a centralized billing system so Partners can manage all of their app subscriptions in one place. Keep an eye out for in-app messages as we migrate each apps billing to the ScalePad Hub.
At the ScalePad Innovate event in June, we outlined our vision for the ScalePad platform – a deeply integrated suite of apps that helps MSPs truly grow while providing the highest level of service to their clients. The Hub is just the first step towards achieving this vision.
We’ll continue working on the rest of the ScalePad vision, which includes developing the ScalePad OS to unify integrations in the Hub instead of each separate app. This is a critical piece of our platform that will connect your tech stack to all of our apps internally to allow free flow of information to eliminate information silos. Keep an eye on our updates page for more exciting releases as we continue rolling out enhancements to our product suite.
ScalePad will be hosting our next All Partners Conference, Ignition, on January 23. Join us as we bring insight into the key trends, challenges, and opportunities for MSPs. We’ll also be giving a peek into our 2025 product roadmap. Register here to save your seat for this virtual event.
