Kaseya has introduced a new version of its Compliance Manager solution designed to turn what was primarily an auditing and validation tool for a defined set of regulatory mandates into a more complete and flexible governance, risk, and compliance platform.
“This is a pretty significant upgrade to the product,” says Max Pruger, general manager of Kaseya’s Compliance Manager unit. “We’ve actually completely turned the product on its head.”
Previously, Compliance Manager offered separate dedicated consoles for assessing adherence to HIPAA, GDPR, and the rest of the roughly dozen compliance mandates and standards the system supports. Compliance Manager GRC, as the new release is named, instead provides a consolidated view of every standard and control an MSP monitors in one interface instead. Users can also now create customized standards drawing on a library of some 400 compliance controls. “The product is infinitely extendable,” Pruger says.
New in Compliance Manager as well is a training component that lets technicians assign video-based courses to a company’s employees and specify how many days users have to complete each class. Then they can define a passing grade for the final exam and monitor employee progress. The system delivers that content through a brandable self-serve web portal.
Compliance Manager GRC comes with ready-to-use course materials for a variety of regulations. Users who also subscribe to BullPhish ID, the security awareness training solution from Kaseya’s ID Agent unit, will soon be able to import courses from that product as well.
Most regulations include an employee training requirement of some kind, Pruger notes.
Many privacy- and security-related laws also include rules obliging companies to collect compliance information from suppliers and business partners. HIPAA for example, requires vendors to sign “business associate agreements,” while the federal government’s CMMC standard includes “flow down” requirements for a defense contractor’s subcontractors. To help companies organize and execute that process, Compliance Manager now includes a portal for assessing and tracking vendor surveys.
A newly available integration with Microsoft’s Azure Active Directory allows technicians to import a customer’s identity and access management records into the system for evidentiary documentation purposes too.
“That was the number one feature request that we got,” Pruger notes. “Obviously, lots of organizations are moving to the cloud.” The Azure AD integration also lets technicians identify changes initiated by an employee rather than an administrator.
Data from Azure AD is included in a new Rapid Baseline Assessment feature designed to collect a quick initial view of an end user’s compliance posture based on a roughly half-hour questionnaire. Channel pros can use that information in client meetings and sales presentations, and as the basis for drafting a remediation plan. In the past, users had to complete a lengthy documentation checklist before the system would provide any reporting data.
“It could take 10 to 20 hours of labor to do all of that,” Pruger says. “One of the requests we got from our customers was the ability to provide something of value very quickly.”
For the moment, Compliance Manager GRC is priced the same as the previous version of the product. New, higher rates will go into effect early in the second quarter of the year.