Lifecycle managerProduct backup radarLifecycle insights for navigation links visualizationCognition360Control Map

Vigilant Systems Scales Compliance as a Service (CaaS) with ControlMap

Published July 5, 2024
Avatar photo
Evan Pappas

As an MSP, Vigilant Systems faced the challenge of managing compliance services for multiple clients. Focusing on functions and workflows, they leveraged ControlMap to streamline operations and scale their CaaS offering.

The Challenge

Peter Sternkopf, CEO of Vigilant Systems, recognized the difficulties in managing compliance without a system. “It’s like trying to consume a bowl of spaghetti,” he said. “With multiple frameworks to keep track of, it was hard to determine where one noodle ends and another begins, and it was easy to get lost in the sauce.”

“I challenge any company even to manage two frameworks — ISO 27001 and SOC 2- using spreadsheets and individual documents; it’s nearly impossible!” Sternkopf says.

The Solution

Sternkopf and his team implemented ControlMap to address the overwhelming work of tracking assets, controls, documents, evidence, assessments, and audits. The systematic approach provided by ControlMap opened the door to scaling CaaS, enabling Vigilant Systems to help more clients deliver compliance without additional lift from their team.

Essential Functions and Features Used

Vigilant Systems was an early adopter (2020) of ControlMap, so Sternkopf and his team know their way around the toolset. Some of the features leveraged for compliance management include:

  • Document management with Confluence Wiki
  • Assets Inventory (with risk management)
  • Vendor Assessments (Critical Systems)
  • Controls-based (one-to-many mappings)
  • POL, PRO, GOV reviews, updates, and history
  • Evidence Store (fully mapped)

Sternkopf highlighted the importance of a controls-focused approach, stating that ControlMap delivers a system with the proper workflow and flexibility to support both framework-focused and control-focused approaches.

Advice for Selling Compliance as a Service

When asked about his advice for selling CaaS, Sternkopf emphasized the need to be a “CaaS shepherd.” He stressed the importance of being “pumped” about using ControlMap and nurturing client enthusiasm when onboarding customers and building their confidence in using the tool. By focusing on functions and workflows, Vigilant Systems was able to scale its CaaS offerings and provide value to its clients.

Additionally, Sternkopf reinforced that you must secure a compliance “champion” within your customer organization. “If you don’t have that person, it’s going to be much harder for the customer to realize the value of your work and ControlMap,” Sternkopf says. “It’s sometimes a technology person, but more often is someone in an operational role where they can span all areas of the organization and get results.”


Vigilant Systems’ experience with ControlMap demonstrates the effectiveness of a systematic approach to managing compliance services. By leveraging the toolset’s functions, such as document management and vendor assessments, they could streamline their operations and scale their CaaS offerings. For MSPs looking to initiate CaaS, Sternkopf’s advice to be a “CaaS shepherd” and focus on functions and workflows is invaluable.

Are you interested in adding or scaling CaaS with ControlMap, the cybersecurity compliance platform purpose-built for MSPs? Book a demo with us.