ControlMap now supports the NIST AI Risk Management Framework, enabling MSPs to support cybersecurity programs related to AI.

What is NIST AI RMF?

The NIST AI Risk Management Framework (AI RMF) is a security standard developed by the National Institute of Standards and Technology (NIST) to help manage the risk of generative Artificial Intelligence (AI). It was developed through a transparent, collaborative process and released in 2023. 

The framework is designed to help organizations involved in the design, development, use, or regulation of AI technologies, to better manage risks associated with AI as well as incorporate trustworthiness into AI products. 

NIST AI RMF is intended for voluntary use. It aims to align with and build upon AI risk management efforts already in place.

The benefits of NIST AI RMF

NIST AI RMF aims to help organizations manage risks associated with AI through a proactive and ethical approach. Organizations that implement this framework get the following benefits:

The framework offers detailed guidance on establishing robust governance practices for AI deployments. This helps organizations create clear policies and procedures that govern AI use, ensuring compliance with regulatory requirements and alignment with business objectives.

By adopting the NIST AI RMF, organizations can better identify, assess, manage, and monitor risks associated with AI technologies. This structured approach allows for more proactive risk management, reducing the potential for adverse impacts on the organization or any of its stakeholders.

NIST AI RMF helps organizations ensure their AI systems are reliable and trustworthy by providing a framework that emphasizes accountability, transparency, and the ethical use of AI. This can lead to increased user confidence and a stronger reputation for organizations deploying compliant AI solutions.

Ready to get started?

It’s time for your clients to ensure risks related to their work with AI is minimized. ControlMap Partners can now import the NIST AI RMF framework to their clients’ tenants, cross-map against current frameworks, and get started addressing any gaps. Login to ControlMap to get started on NIST AI RMF now.

For more information or to learn about jumpstarting your own vCISO services with NIST AI RMF, request a demo

ControlMap now supports the Digital Operational Resilience Act, enabling MSPs to implement cybersecurity programs for financial institutions operating within the European Union.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation aimed at strengthening the cybersecurity and operational resilience of the financial sector within the European Union. It is critical for financial institutions as it mandates comprehensive management of IT risks, ensuring consistent and robust security practices across the sector to prevent and mitigate cyber incidents. 

Before DORA, financial institutions mainly managed risks with the allocation of capital, but they didn’t focus on all aspects of operational strength. After DORA, these institutions need to follow specific rules for protecting against, detection, containment, and recovery capabilities for IT-related incidents. DORA sets specific guidelines for IT risk management, incident reporting, information sharing, digital operational resilience testing, and third-party IT risk management. 

The benefits of DORA

DORA is a requirement for financial institutions to be in compliance with EU regulations. Compliance is required to protect financial institutions from regulatory penalties due to non-compliance. Organizations deemed non-compliant may face significant penalties that are imposed on a daily basis to encourage compliance. They may also be subject to a periodic penalty payment of 1% of their average daily global turnover in the preceding year. Outside of financial penalties, non-compliant organizations may be issued termination notices, cease-and-desist orders, and/or public notices.

However, the implementation of DORA also brings benefits that strengthen operations including:

Ready to get started?

Financial Institutions in the EU are required to be compliant with DORA. ControlMap Partners can now import the DORA framework to their clients’ tenants, cross-map against current frameworks, and get started addressing any gaps to avoid regulatory penalties. Sign to ControlMap to get started on DORA now.

For more information or to learn about jumpstarting your own vCISO services with DORA, request a demo

Maintaining security to defend against cybersecurity threats is a never-ending process. MSPs have to continually monitor networks, assets, and more for vulnerabilities and close any gaps they find. 

Now, there’s an easier way to monitor clients for vulnerabilities. ScalePad has integrated ControlMap with ThreatMate to automate vulnerability & compliance checks required to achieve and maintain compliance.

What can MSPs do with ThreatMate?

ThreatMate is an advanced attack surface management tool designed to monitor and secure networks from various cybersecurity threats. This comprehensive platform scans both external and internal network environments, including behind the firewall, and extends its monitoring capabilities to cloud services like Microsoft O365 and Google Workspace. By leveraging artificial intelligence  and machine learning, ThreatMate identifies security exposures and creates targeted mission plans for vulnerability remediation, ensuring a secure cyber environment across all connected devices and endpoints.

MSPs that use ThreatMate achieve the following benefits:

Why integrate ControlMap with ThreatMate?

Integrating ControlMap and ThreatMate allows for automatic collection of scan results by company and mapping to frameworks. It can be configured to run a scan and update the results weekly for continuous checks and updates. 

Collection of evidence –  Once you’ve connected ThreatMate to ControlMap, the connection automatically starts collecting the following data from ThreatMate scans on a weekly cadence:

Mapping to frameworks – The collected evidence is then mapped to over 50 security and compliance frameworks, such as SOC 2, ISO 27001, HIPAA, FTC Safeguards, CIS Controls, CMMC, and other frameworks and security standards. Mapping the evidence automatically provides a detailed view of any gaps that need to be addressed. 

Ongoing automatic updates – The ControlMap-ThreatMate integration is not simply a one-time check. ControlMap can be configured to regularly sync with ThreatMate to provide up-to-date evidence & vulnerabilities. This will update the evidence based on the current settings, ensuring that your team is aware of any configuration changes, new risks or gaps so you can take remedial action to maintain compliance. 

Connecting ControlMap and ThreatMate reduces hours of manual data imports and regular reviews. It automatically retrieves, updates, and stores current evidence required for compliance frameworks so your team can focus on maintaining and improving security.

Ready to get started?

Combine the capabilities of ThreatMate with ControlMap now. Login to your ControlMap instance to get started. For more information or a discussion on how to elevate your compliance operations, request a demo.

ControlMap now supports the NYDFS Cybersecurity Regulation, enabling MSPs to tailor cybersecurity programs for clients operating under the New York State Department of Financial Services jurisdiction.

What is the NYDFS Cybersecurity Regulation?

The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, known as 23 NYCRR 500, is a cybersecurity framework for financial institutions operating under NYDFS jurisdiction. 

Established in March 2017, NYDFS mandates stringent security standards, requiring financial institutions to maintain secure data systems and reduce vulnerabilities. It covers organizations such as banks, insurance companies, credit unions, and their third-party service providers. To be compliant, institutions operating under NYDFS jurisdiction must ensure their cybersecurity practices align with the regulation’s standards.

The benefits of the NYDFS Cybersecurity Regulation?

While the NYDFS Cybersecurity Regulation is a requirement for financial institutions, it does provide further tangible benefits to these organizations. Implementing the framework leads to:

  1. Enhanced security – The regulation’s comprehensive policy requirements strengthen an institution’s cybersecurity posture, reducing the risk of breaches through rigorous protocols and controls.
  2. Improved Risk Management – Regular risk assessments enable proactive risk identification and mitigation
  3. Third-party Risk Reduction – By extending the requirements to third-party providers, the regulation ensures that supply chain risks are identified, managed, and mitigated effectively.

Implementing the NYDFS Cybersecurity Regulation helps financial institutions achieve stronger security and compliance, empowering them to manage risks while building trust with clients.

Ready to get started?

It’s time for your clients under NYDFS jurisdiction to have peace of mind that they are compliant with all regulations. Login to ControlMap to get started on NYDFS now. For more information or to learn about jumpstarting your own vCISO services with NYDFS, join a demo.

Meet the new Lifecycle Manager — a unified place to assess, plan, implement, and measure meaningful changes for your clients. 

With Lifecycle Manager for client engagement, MSPs of all sizes can improve the quality and productivity of their interactions with clients, including QBR/vCIO preparation and managing the entire client lifecycle at scale. We’ve made it possible to cut QBR prep to minutes, not hours, so all MSPs, regardless of operational maturity, can reinforce their position as a strategic partner to their clients with efficiency and professionalism. 

“It’s super-exciting for us to bring a platform to market and iterate that platform to solve the rapidly growing challenges of being an MSP in this highly competitive industry,” said Chris Day, ScalePad Founder and Chief Product Officer. “Rallying around their biggest asset — their people, both within their organization and their clients — to drive positive change and true impact is essential to scaling an MSP and retaining happy clients,” he continued. 

The new Lifecycle Manager includes an updated interface, enhancements to existing features, and game-changing additions to bring client-focused tasks to the forefront, helping you improve client experience and reinforce your position as a strategic partner. Here’s a closer look at what you get in the new Lifecycle Manager: 

Get to client details faster 

We’ve overhauled the dashboard to prioritize client activity. Elements such as the Client tab now sit along the top of the dashboard, saving you time with a more efficient client-focused workflow. These small yet mighty changes help streamline how you keep a pulse on the technology health of all of your clients.

Familiarize yourself in seconds

Become an expert on every one of your clients. Our enhancements to the client strategy dashboard give you a central hub for engagement and strategy on a client-based level. The information you need to inform your next QBR or vCIO meeting is at your fingertips.

Complete tasks without switching apps 

The new client strategy dashboard lets you log meeting notes, store and update key contact information, and publish Action Items that can be automatically submitted as tickets in your ConnectWise Manage PSA. With these updates, we’ve eliminated the need for toggling between your PSA, notebooks, and other tools for tracking and executing meeting follow-up tasks.

Streamline how you create and share technology plans 

We think getting buy-in from your clients on strategic initiatives should be easy. With a new layout that integrates Initiatives into Roadmaps, you can create crystal-clear plans that are easy for non-technical clients to understand and view at a glance in the day-to-day maintenance of client experience. 

You can plan up to five years on Roadmaps, which our Partners love for helping their clients prepare their budgets and anticipate what comes next. By bringing Initiatives into the roadmap view, we’re helping you create those plans ever faster by simplifying the workflow. You can drop new Initiatives into existing Roadmaps, letting you respond quickly to client needs and maintain accurate work plans. 

New sharing tools let you publish and send customizable Roadmap PDFs, giving you control over the level of detail displayed and a real-time presentation mode for screen sharing. 

When everyone understands, everyone wins

The new Lifecycle Manager enables MSPs of all sizes to communicate efficiently using a simplified data-driven approach with their clients, encouraging trust and collaboration on strategic initiatives.

“You know you’ve achieved successful client engagement when your clients start saying yes to the obvious things that are better for them (and by proxy, you),” said Day. “It’s when your team and your clients are on the same page about what is happening now, what needs to happen, and how you will get there together.” 

We’ve made it possible to prepare for your next strategic conversation in a few clicks. Try out the new Lifecycle Manager today.  

At ScalePad, we’re constantly striving to equip our MSP partner community with the tools they need to excel in managing cybersecurity compliance. Today, we’re excited to announce a significant upgrade to our MSP Dashboard, designed to streamline the way MSPs interact with data and assess their client’s compliance status. 

Why a new MSP Dashboard?

Our decision to revamp the MSP Dashboard stems from a deep understanding of the challenges faced by MSPs in maintaining compliance across multiple clients. Recognizing the opportunity to enhance the ControlMap MSP dashboard to address these roadblocks, we set out to create a solution that would enable MSPs to monitor client risks more efficiently. 

What’s New?

The enhanced MSP Dashboard is more than just a facelift; it represents a fundamental shift in how MSPs interact with compliance data. Here are the highlights:

What Does This Mean for MSPs?

The enhanced MSP Dashboard isn’t just about improved functionality; it’s about helping our partners to thrive in offering compliance as a service. By providing a centralized hub for monitoring compliance and managing risks and completing pre-assessments for prospecting, we’re arming partners with the tools needed to deliver exceptional service to clients and stay ahead of emerging threats.

Get Started Today!

Ready to experience the future of cybersecurity compliance management? The enhanced MSP Dashboard is now live and available for all MSP partners. Log in today to explore the new features and take your oversight capabilities to the next level.

Stay tuned for more updates and enhancements as we continue to innovate and support our partners in their mission to safeguard digital assets and protect against cyber threats.

ScalePad is proud to announce SOC 2 Type II and ISO 27001 compliance certifications for its products Lifecycle Manager, Lifecycle Insights, Backup Radar, and ControlMap. This milestone reinforces ScalePad’s unwavering dedication to upholding the highest data security, privacy, and integrity standards for its global customer base.

Our downloadable SOC 3 report for ScalePad covers Lifecycle Manager, Lifecycle Insights, ControlMap, and Backup Radar.

SOC 2 Type II compliance verifies that ScalePad’s systems and processes safeguard Partner data against unauthorized access, use, and disclosure. Similarly, the ISO 27001 certification demonstrates ScalePad’s commitment to implementing comprehensive information security management systems, encompassing policies, procedures, and controls to manage and protect sensitive information.

“Cybersecurity isn’t just a box to check; it’s a guiding principle,” said Dan Wensley, CEO of ScalePad. “Achieving SOC 2 Type II and ISO 27001 compliance reinforces our commitment to maintaining and continuously improving our security measures. This commitment to rigorous standards demonstrates our dedication to enhancing security practices in response to evolving threats.”

“Elevating security posture while cultivating trust is at the heart of what cybersecurity compliance is all about,” said security compliance expert Dan Fox, who also works as a lead in cybersecurity education for Scalepad’s ControlMap team. “ScalePad’s commitment to security and protecting our partner ecosystem is emphasized through the implementation of best practice frameworks such as SOC 2 and ISO 27001, thanks in part to ControlMap, our Security Compliance management solution used by thousands in the MSP community, including ourselves.”

Furthermore, SOC 2 Type II compliance provides a higher level of assurance that data is being protected consistently over time. By undergoing a thorough Type II audit, ScalePad identifies and addresses potential security risks and vulnerabilities, mitigating the likelihood of data breaches and financial losses. Additionally, ScalePad’s compliance with SOC 2 Type II standards supports its Partners’ efforts to maintain regulatory compliance across various industries, including GDPR and HIPAA, by providing evidence of robust security and privacy controls.

For more detailed information about ScalePad’s commitment to product security, including our Security Whitepaper, please go to

How did ScalePad do it?

Quickly and painlessly – ScalePad used our own product, ControlMap, to simplify our journey to cybersecurity compliance. The same multi-tenancy and templated frameworks that can help your MSP get your clients compliant helped ScalePad rapidly get multiple products compliant across two different-but-complementary frameworks.

Using ControlMap’s automated evidence collection functionality, the audit required for SOC 2 Type II compliance and the surveillance audit for ISO 27001 was straightforward. The controls, policies, and procedures were already in place, along with automated monitoring of dozens of integrated systems. 

ControlMap provides ScalePad with a single platform to manage everything compliance-related internally at our organization and can enable you to do the same for your MSP’s clients. Whether you already work with clients in regulated industries or aspire to expand your service portfolio to include compliance services, ControlMap gives you the tools to get compliant yourself and to generate recurring revenue by helping your clients along their compliance journey.

Ticketing integration is one of the features our Partners love about Backup Radar; making your team’s ticketing workflow quicker and easier while integrating with your preferred PSA is a Backup Radar claim to fame!

Every backup environment is different, and Backup Radar is evolving to help our Partners meet a range of needs. That’s why we’re excited to share the launch of integration with HaloITSM, one of our top-requested PSA tools. 

What can you do with the HaloITSM API Integration with Backup Radar?

In a nutshell, you can now integrate Backup Radar with HaloITSM for two-way sync of backup tickets. Push urgent backup tickets directly into HaloITSM to help get visibility into your most actionable tickets. 

Backup Radar’s intelligent ticketing automation streamlines your existing workflow by plugging right into your PSA to do the heavy ticket lifting and reduce that dreaded ticket noise. This integration automates the process of automatically creating, grouping, appending, and closing related backup status tickets, so you only see the most actionable alerts. 

Connect HaloITSM with Backup Radar

Current Backup Radar Partners can easily integrate now with our simple step-by-step process to guide you through. 

If you’re tired of sifting through heaps of backup tickets every day, or are worried about those tickets being missed (and how would you even know?), then you need a Backup Radar demo, stat. We can help; let us show you how!

Cybersecurity compliance is a moving target, and we’re committed to helping our Partners navigate the complex landscape with confidence. That’s why we’re so excited to share the latest updates to ControlMap, which our development team was hard at work on over March 2024, including an activity log feature, the release of major frameworks, and new integrations. 

New for March 2024

More details below.

Activity Logs

Many cybersecurity frameworks, including NIST CSF 2.0 and CMMC 2.0, require activities to be tracked throughout the compliance journey. Now, within ControlMap, admins can view “Activity Logs” —a list of actions taken within ControlMap. Tracked activities include actions that are:

The new Activity Log feature makes it easy to track and manage activity data as part of your compliance efforts.

HIPAA Privacy Rule

This framework provides federal standards to safeguard the privacy of personal health information and gives patients an array of rights concerning that information, including the right to examine and obtain a copy of their health records and to request corrections.

For our Partners who specialize in healthcare this new framework allows them to diversify their HIPAA compliance offering, as well as boost the security of sensitive data. 

The HIPAA Privacy Rule gives our healthcare-focused Partners one more advantage in delivering compliance services for their clients.

Breach Notification Rule

HIPAA’s Breach Notification Rule requires covered entities to notify patients when their unsecured protected health information (PHI) is impermissibly used or disclosed — or “breached,” — in a way that compromises the privacy and security of their PHI.

Adding the Breach Notification Rule to ControlMap helps our Partners who specialize in healthcare, allowing them to safeguard their clients’ PHI. 

Another win for our Partners who service clients in the healthcare space!

Thinking about offering compliance services? 

Join us on this cybersecurity compliance journey as we redefine the standard with MSPs at the forefront. Contact our sales team or book a demo to see how ControlMap guides the lift-off of vCISO services. 

Stay tuned for more updates as we continue to drive innovation and support our Partners on their MSP adventure. Check out the ScalePad Community here to track all of our exciting new features and announcements.