Case Study

Omnistruct Achieves a 660% Increase in Client Service Capacity with Hyperproof


Frameworks: NIST Cybersecurity Framework // NIST SP 800-53 // CMMC

Omnistruct

Omnistruct offers ongoing managed security and compliance services to businesses and their IT providers who need to demonstrate assiduous leadership in handling the sensitive data they steward. Designed around new US guidelines in privacy and cybersecurity built by NIST, Omnistruct subscriptions help organizations in the U.S. demonstrate compliance, maintain customer trust, improve their cyber hygiene position, and minimize damages after a security incident.

“Here at Omnistruct, our consultants not only help our clients determine what needs to be done to improve clients’ security and compliance posture, we work with our clients on their compliance program to ensure progress is made day-in and day-out. We also educate our clients on security and compliance best practices so they can ultimately manage a continuous compliance program on their own,” says John Riley, Founder and Co-CEO of Omnistruct.

Product Used: Compliance Operations Module, Risk Management Module

Quick Facts: Managed Security/Compliance Service Provider // Sacramento, CA

  • +660%: Increase in Omnistruct’s consultants’ capacity to serve clients
  • +3 mo.: Sped up the completion of gap assessments by as much as 3 months
  • -90%: Reduction in consultants’ administrative interactions with clients

Types of customers Omnistruct serves

Omnistruct’s core clients are Managed IT Service providers. This is a market with high growth potential because Managed Service Providers (MSPs) are operating a lot of technologies on behalf of their customers, and their customers are increasingly concerned about the MSP’s security and compliance posture. MSPs have not historically had to focus all that much on security and compliance, but this has changed in recent times with the adoption of newer privacy and security laws and the much broader awareness buyers have about supply chain cyber risks.

In addition to MSPs, Omnistruct serves large organizations in a variety of industries, including business services (e.g., insurance companies, property management companies) and manufacturing. Many of these organizations have risk management teams that are mature in the management of industry-specific risks (e.g., theft in grocery stores) but not in cyber risk.

The challenge

Seeing that the market for Omnistruct services was growing, the firm knew that its consultants could no longer rely on manual, ad hoc tools.

Omnistruct saw compliance software as a strategic, firm-wide asset that would take its business to the next level. Omnistruct executives felt that having the right compliance software could help the company accomplish the following goals:

  • With increasing demand for its services, Omnistruct needed software to increase its consultants’ productivity and client service capacity.
  • Historically, all client work was done manually, with spreadsheets, email, Word docs, and other tools that don’t support compliance workflows. Omnistruct had attempted to develop compliance software in-house, but it was challenging. Effective compliance software was needed to improve consultants’ productivity and to help the company attract top talent.
  • Omnistruct needed to differentiate their firm from competitors. They felt that if their consultants could use software to deliver tangible results quickly for new clients, it would attract new clients.
  • Omnistruct wanted to increase client engagement and retention. If Omnistruct’s clients could access software that provides a holistic view into their compliance posture and their progress, clients would become more engaged and motivated to continue to make progress. 
  • They wanted to improve the firm’s revenue and profit margin per client by reducing the amount of time it took a consultant to complete each client deliverable.

In short, Omnistruct knew that if their consultants could leverage the right compliance software, the firm would be able to grow revenue and improve client satisfaction. Omnistruct would ultimately be able to help more organizations around the world improve their security and compliance posture, creating positive ripple effects for their customers.

Our consultants have deep expertise in cyber-compliance frameworks, and that’s why our clients hire us. Our consultants shouldn’t be spending their time manipulating spreadsheets. We need software that helps us deliver services to our clients in a more streamlined and efficient way, so our consultants have the bandwidth to be the strategic advisors to our clients.

John Riley

Founder and Co-CEO // Omnistruct


Results

Omnistruct signed their contract with Hyperproof in December 2020. Since partnering with Hyperproof, Omnistruct has been able to increase their firm’s capacity by 660%.

As of June 2021, Omnistruct’s consultants have migrated existing customers to Hyperproof and have added additional new customers to the platform as well. Omnistruct chose to give all of their clients direct access to Hyperproof so they can see how the work is progressing and understand their security/compliance posture in real-time.

Here’s a summary of how Hyperproof has affected Omnistruct’s consultants’ productivity:

  • Omnistruct saw a 6.6-fold increase in their consultants’ capacity to serve clients.
  • Hyperproof helped them speed up the completion of gap assessments by as much as 3 months.
  • The vast majority of administrative tasks consultants used to do have been automated by Hyperproof.
  • Consultants’ interactions with clients that are administrative in nature (e.g., sending emails to remind clients to submit proof on a control) were reduced by 90%; this freed up capacity for more strategic work with clients.

According to Matt Monroe, a cyber-compliance expert leading client operations for Omnistruct, Hyperproof allows him and other consultants to manage a variety of tasks far more efficiently than before, such as conducting gap assessments, putting together clients’ corrective action plans, documenting controls, tracking controls’ health, and reporting on each organization’s progress in meeting NIST standards.

“Our consultants don’t have to update spreadsheets and process Word documents sent via email anymore. They can redirect that time to tasks that truly help their clients improve their security/compliance posture,” says Monroe.

Additionally, because clients have direct access to Hyperproof (which contains visual dashboards and reports) and can visually see the progress made over time, they start to appreciate the value of compliance work more and become more committed to making continuous improvements.

With Hyperproof, we’ve enhanced our ability to serve the MSP market and offer valuable services to the MSP’s top customers who need a lot of support on cyber-compliance. Because Hyperproof is good at listening to our input on what features would enhance the product and delivering new features quickly, we feel confident that we can grow our business with Hyperproof.

George Usi

Co-CEO // Omnistruct


Detailed results

Hyperproof streamlines the gap assessment process

Omnistruct kicks off every new client engagement by conducting an initial security/compliance gap assessment. The results of the assessment are used to build tailored corrective action plans for each client and provide guidance to each client on what they need to do next to align their security program to an industry standard like the NIST Cybersecurity Framework, NIST SP 800-53, or CMMC.

To kick off the security gap assessment, a consultant sends the client a request list detailing all documents (e.g., existing written policies and procedures on security) Omnistruct needs to review to understand the client’s current security posture and the gaps.

Prior to Hyperproof, it was not unusual for a client to take several months to finally send Omnistruct all of the detailed information the consultant needed to form a clear picture of the current state of the client’s cybersecurity stance and the work that needs to be done.

With Hyperproof’s Audit module, Omnistruct consultants can upload a list of requests to the client as soon as a new client engagement starts. A client can respond right away and upload documents back into Hyperproof, linked to a specific item in the request list. Omnistruct consultants can start reviewing clients’ documents right away and see where a client is already compliant, significantly speeding up the gap assessment work.

According to Monroe, one of his clients provided all the information he requested for the NIST Cybersecurity Framework program within five hours of gaining access to Hyperproof.

Guerrero celebrated the success of the Hyperproof implementation by retiring the compliance spreadsheet he inherited from his predecessor.

Omnistruct consultants create corrective action plans for clients in Hyperproof

Prior to Hyperproof, a consultant wrote their findings from the gap assessment and the corrective action plan (CAP) in Word documents for each client. The CAP is a key deliverable that informs the client what they need to do to get their security posture to the target maturity level and the scope of work for the next phase.

At this time, Omnistruct consultants use Hyperproof’s Risk Register to document each client’s corrective action plans, and they’re conducting walk-throughs with each client in Hyperproof.

“Now that we use Hyperproof to walk our clients through things such as what their risks are and where they need to make additional investments, clients are able to process the information more easily and internalize the concepts. This helps them become more motivated to make progress on their compliance project,” says Monroe.

Managing ongoing compliance work is easier and faster with Hyperproof

Many Omnistruct clients are highly motivated to improve their security and compliance posture, but they have little time or expertise. An Omnistruct consultant partners with each client to help them make steady progress towards a stronger compliance posture on an ongoing basis. During this stage, a consultant works on tasks such as:

  • Building custom controls for a client to meet specific compliance requirements
  • Informing control operators what proof needs to be collected for each control 
  • Reviewing the proof the client provides
  • Informing clients of what tasks they need to complete each month
  • Creating reports to update clients on progress being made
  • Providing clients with extra guidance when they need to respond to security and compliance questions from their customers and other stakeholders

Additionally, Omnistruct consultants conduct regular meetings to educate stakeholders on the client’s side on security, compliance, and project management best practices. The ultimate goal is for the client to “graduate” so they are equipped to handle these projects on their own.

Prior to Hyperproof, Omnistruct consultants created project plans and task lists for clients in spreadsheets and sent emails and calendar invites to remind clients to submit proof periodically. They searched through email threads to find documents and manually created reports to update clients on progress.

With Hyperproof, all of these tasks have been streamlined or automated, enabling consultants to drastically increase their productivity and capacity to focus on work that matters. With Hyperproof, Monroe said he’s been able to increase his capacity to serve clients by 660%.

660% increase in clients served by Omnistruct
Hyperproof allows us to show our expertise to clients more than before. Now that we don’t need to focus on the minutiae of compliance programs, we’re using our resources to solve our customers’ problems.

Matt Monroe

Client Operations Lead // Omnistruct

Omnistruct clients have adopted a security mindset

According to Monroe, Hyperproof also plays a positive role in helping client organizations shift their mindset around cyber risk management. “With Hyperproof, we’re able to influence our clients so they move away from this audit-first mindset and start to value security as an organizational capability,” says Monroe.

“Client-side executives are able to log into Hyperproof and see dashboards to understand how much progress has been made by their own tech teams and by their consultant. Through Hyperproof, executives are finally seeing what their technical teams are doing to support the business, and as a result, they’re more supportive of making investment into improving compliance and security posture,” says George Usi, Co-CEO of Omnistruct.

With Hyperproof, we’re able to influence our clients so they move away from this audit-first mindset and start to value security as an organizational capability.

Matt Monroe

Client Operations Lead // Omnistruct

“Long term, our hope would be that Omnistruct could be viewed as the professional services arm for Hyperproof as our relationship develops,” says Riley.

Conclusion

With Hyperproof, Omnistruct was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.

To see the Hyperproof platform in action, schedule a demo with our team today.