Wayne Hunter didn’t set out to build a compliance program for MSPs. He was trying to stop the same problem from happening over and over again.
Banks would pass audits. Then they’d fail them. Documentation looked fine, but reality didn’t. Every year brought the same scramble: pulling IT staff into audit prep, checking boxes, then putting it aside until the next cycle.
Hunter, CEO of AvTek Solutions Inc., kept seeing the flaw. “The very people that you’re doing an audit of are the people that generated the documentation. The documentation said they’re good, but it didn’t match what they’re actually doing.”
That frustration pushed Hunter to rethink how compliance should work. Rather than a once‑a‑year event, it must be ongoing, provable, and something that doesn’t collapse under scrutiny.
That thinking eventually became the AvTek Compliance Ready Program. For MSPs, this model offers a glimpse of where compliance is heading.
A Different Way to Look at Compliance
Hunter is well-versed in regulated environments. AvTek’s core customers are banks, insurance firms, and other organizations where audits are routine.
When he started asking compliance officers where things broke down, the answer was consistent. Compliance was treated as a point‑in‑time exercise. Plus, the same people responsible for running IT were often responsible for documenting it. “It was only as good as that point,” Hunter told ChannelPro. “I like to use the old term, ‘fox in the hen house,’” he explained.
Wayne Hunter
Hunter’s answer was separation. AvTek built a compliance practice that monitors continuously, maintains documentation year‑round, and preserves a clean chain of evidence. The compliance team never touches remediation. IT stays with the MSP or internal team.
“If something comes up, I need a process that gives that information to IT to remediate,” Hunter noted. “But the people that are doing it cannot have any authoritative access to the environment, because then that’s a chain‑of‑evidence issue.”
Why This Matters to MSPs
Hunter didn’t rush this to market. For nearly a year, other MSPs asked if they could resell or partner on AvTek’s approach. He kept saying no.
“You can sell something, then build it. Or you put in the constant work, fund it, build it, validate it, then you sell it,” he emphasized. “Compliance is one of these. You can’t sell it then build it.”
Only after validating the process with real clients — and putting it in front of ISO 27001 and SOC 2 auditors — did AvTek move forward. The Compliance Ready Program launched in October 2025 to a standing-room-only group of MSPs at the DattoCon conference in Miami. The response was immediate.
That momentum also earned AvTek outside recognition. In late 2025, the company was named among the MSP Titans of the Industry award winners in the compliance category.
The Compliance Ready program is designed so that MSPs don’t have to struggle to build their own compliance department. It can be sold white‑labeled, co‑sold, or positioned as a true third‑party compliance service. AvTek handles the compliance work. MSPs handle IT. Everyone stays in their own lanes.
That clarity is already changing how some MSPs operate. “One MSP is telling prospects, ‘If you don’t want to do compliance, then you can’t be our client,’” Hunter recalled.
Compliance as an Enabler, Not a Burden
Hunter sees compliance as a way to strengthen the MSP‑client relationship, not complicate it.
“I always tell people you can have security without complaints, but you can’t have compliance without security,” he said. “A lot of people think they’re one and the same, but they’re two totally different things.”
When compliance is done right, it removes opinion from the conversation. “You can go right to a control and show that the control says you have to have this,” Hunter said. “It’s an enablement.”
That is becoming more important as shared liability increases, insurance requirements tighten, and state‑level safe harbor laws expand. “If you’re not aware of that, you’re in trouble,” Hunter said.
The Key Takeaway
Every MSP should not try to build compliance internally. But there are some for it will work, Hunter admitted. What matters is doing it correctly.
“If you have the capacity and the ability to develop a compliance department and do it the right way, I encourage you to do it,” he said. “If not, then find someone you can partner with.”
Compliance requires process, documentation, independence, and constant attention. It is constantly changing, so it requires the willingness to keep up with it.
For MSPs that get this right, whether on their own or through a partner, compliance stops being a fire drill. It becomes a way to protect clients, reduce risk, and create real differentiation in the market.
How the AvTek Compliance Ready Program Helps MSPs Grow
A quick look at the business and operational upsides for MSP partners:
- Creates a new revenue stream. Offer compliance services without building a full compliance department.
- Shortens sales cycles. Controls and requirements help remove opinion from security conversations.
- Reduces MSP risk. Clear separation between compliance oversight and IT remediation helps protect the chain of evidence.
- Improves retention. Ongoing compliance work increases stickiness, especially in regulated industries.
- Opens doors to regulated verticals. Helps MSPs serve banking, healthcare, insurance, and audit-driven SMBs.
- Keeps your team focused. MSPs stay on IT delivery while compliance specialists handle documentation and readiness.
Anjali Fluker is managing editor of The ChannelPro Network, where she covers news, trends, and best practices for the MSP community. She specializes in telling the stories that matter to IT providers serving the SMB market. When she’s not reporting on the latest in managed services, she’s connecting with channel pros at industry events across the country.
Featured image: graphicview35 — stock.adobe.com
