Omnistruct Achieves a Six-Fold Increase in its Client Service Capacity With its Partnership with Hyperproof
NIST Cybersecurity Framework
NIST SP 800-53
Omnistruct offers ongoing managed security and compliance services to businesses and their IT providers who need to demonstrate assiduous leadership in handling the sensitive data they steward. Designed around new US guidelines in privacy and cybersecurity built by NIST, Omnistruct subscriptions help organizations in the U.S. demonstrate compliance, maintain customer trust, improve their cyber hygiene position, and minimize damages after a security incident.
“Here at Omnistruct, our consultants not only help our clients determine what needs to be done to improve clients’ security and compliance posture, we work with our clients on their compliance program to ensure progress is made day-in and day-out. We also educate our clients on security and compliance best practices so they can ultimately manage a continuous compliance program on their own,” says John Riley, Founder and Co-CEO of Omnistruct.
Product Used: Compliance Operations Module, Risk Management Module
Quick Facts: Managed Security/Compliance Service Provider // Sacramento, CA
By using Hyperproof Omnistruct increased their consultants’ capacity to serve clients by 6.6x.
Hyperproof helped Omnistruct consultants speed up the completion of gap assessments by as much as 3 months.
Consultants’ interactions with clients that are administrative in nature were reduced by 90%.
Types of Customers Omnistruct Serves
Omnistruct’s core clients are Managed IT Service providers. This is a market with high growth potential because Managed Service Providers (MSPs) are operating a lot of technologies on behalf of their customers, and their customers are increasingly concerned about the MSP’s security and compliance posture. MSPs have not historically had to focus all that much on security and compliance, but this has changed in recent times with the adoption of newer privacy and security laws and the much broader awareness buyers have about supply chain cyber risks.
In addition to MSPs, Omnistruct serves large organizations in a variety of industries, including business services (e.g., insurance companies, property management companies) and manufacturing. Many of these organizations have risk management teams that are mature in the management of industry-specific risks (e.g., theft in grocery stores) but not in cyber risk.
Seeing that the market for Omnistruct services is growing, the firm knew that their consultants couldn’t continue to rely on manual, ad-hoc tools anymore.
Omnistruct saw compliance software as a strategic, firm-wide asset that would take its business to the next level. Omnistruct executives felt that having the right compliance software could help the company accomplish the following goals:
In short, Omnistruct knew that if their consultants could leverage the right compliance software, the firm would be able to grow revenue and improve client satisfaction. Ominstruct would ultimately be able to help more organizations around the world improve their security and compliance posture, creating positive ripple effects for their customers.
Our consultants have deep expertise in cyber-compliance frameworks, and that’s why our clients hire us. Our consultants shouldn’t be spending their time manipulating spreadsheets. We need software that helps us deliver services to our clients in a more streamlined and efficient way, so our consultants have the bandwidth to be the strategic advisors to our clients.
Founder and Co-CEO // Omnistruct
Omnistruct signed their contract with Hyperproof in December 2020. Since partnering with Hyperproof, Omnistruct has been able to increase their firm’s capacity by 660%.
As of June 2021, Omnistruct’s consultants have migrated existing customers to Hyperproof and have added additional new customers to the platform as well. Omnistruct chose to give all of their clients direct access to Hyperproof so they can see how the work is progressing and understand their security/compliance posture in real-time.
Here’s a summary of how Hyperproof has affected Omnistruct’s consultants’ productivity:
According to Matt Monroe, a cyber-compliance expert leading client operations for Omnistruct, Hyperproof allows him and other consultants to manage a variety of tasks far more efficiently than before, such as conducting gap assessments, putting together clients’ corrective action plans, documenting controls, tracking controls’ health, and reporting on each organization’s progress in meeting NIST standards.
“Our consultants don’t have to update spreadsheets and process word documents sent via email anymore. They can redirect that time to tasks that truly help their clients improve their security/compliance posture,” says Monroe.
Additionally, because clients have direct access to Hyperproof (which contains visual dashboards and reports) and can visually see the progress made over time, they start to appreciate the value of compliance work more and become more committed to making continuous improvements.
With Hyperproof, we’ve enhanced our ability to serve the MSP market and offer valuable services to the MSP’s top customers who need a lot of support on cyber-compliance. Because Hyperproof is good at listening to our input on what features would enhance the product and delivering new features quickly, we feel confident that we can grow our business with Hyperproof
Co-CEO // Omnistruct
Hyperproof streamlines the gap assessment process.
Omnistruct kicks off every new client engagement by conducting an initial security/compliance gap assessment. The results of the assessment are used to build tailored corrective action plans for each client and provide guidance to each client on what they need to do next to align their security program to an industry standard like the NIST Cybersecurity Framework, NIST SP 800-53, or CMMC.
To kick off the security gap assessment, a consultant sends the client a request list detailing all documents (e.g., existing written policies and procedures on security) Ominstruct needs to review to understand the client’s current security posture and the gaps.
Prior to Hyperproof, it was not unusual for a client to take several months to finally send Omnistruct all of the detailed information the consultant needed to form a clear picture of the current state of the client’s cybersecurity stance and the work that needs to be done.
With Hyperproof’s Audit module, Omnistruct consultants can upload a list of requests to the client as soon as a new client engagement starts. A client can respond right away and upload documents back into Hyperproof, linked to a specific item in the request list. Omnistruct consultants can start reviewing clients’ documents right away and see where a client is already compliant, significantly speeding up the gap assessment work.
According to Monroe, one of his clients provided all the information he requested for the NIST Cybersecurity Framework program within five hours of gaining access to Hyperproof.
Guerrero celebrated the success of the Hyperproof implementation by retiring the compliance spreadsheet he inherited from his predecessor.
Omnistruct Consultants Create Corrective Action Plans For Clients in Hyperproof
Prior to Hyperproof, a consultant wrote their findings from the gap assessment and the correction action plan (CAP) in word documents for each client. The CAP is a key deliverable that informs the client what they need to do to get their security posture to the target maturity level and the scope of work for the next phase.
At this time, Omnistruct consultants use Hyperproof’s Risk Register to document each client’s corrective action plans, and they’re conducting walk-throughs with each client in Hyperproof.
“Now that we use Hyperproof to walk our clients through things such as what their risks are and where they need to make additional investments, clients are able to process the information more easily and internalize the concepts. This helps them become more motivated to make progress on their compliance project,” says Monroe.
Managing ongoing compliance work is easier and faster with Hyperproof
Many Omnistruct clients are highly motivated to improve their security and compliance posture, but they have little time or expertise. An Omnistruct consultant partners with each client to help them make steady progress towards a stronger compliance posture on an ongoing basis. During this stage, a consultant works on tasks such as:
Additionally, Omnistruct consultants conduct regular meetings to educate stakeholders on the client’s side on security, compliance, and project management best practices. The ultimate goal is for the client to “graduate” so they are equipped to handle these projects on their own.
Prior to Hyperproof, Omnistruct consultants created project plans and task lists for clients in spreadsheets and sent emails and calendar invites to remind clients to submit proof periodically. They searched through email threads to find documents and manually created reports to update clients on progress.
With Hyperproof, all of these tasks have been streamlined or automated, enabling consultants to drastically increase their productivity and capacity to focus on work that matters. With Hyperproof, Monroe said he’s been able to increase his capacity to serve clients by 660%.
Increase in clients served
Hyperproof allows us to show our expertise to clients more than before. Now that we don’t need to focus on the minutiae of compliance programs, we’re using our resources to solve our customers’ problems
Client Operations Lead // Omnistruct
Omnistruct Clients Have Adopted a Security Mindset
According to Monroe, Hyperproof also plays a positive role in helping client organizations shift their mindset around cyber risk management. “With Hyperproof, we’re able to influence our clients so they move away from this audit-first mindset and start to value security as an organizational capability,” says Monroe.
“Client-side executives are able to log into Hyperproof and see dashboards to understand how much progress has been made by their own tech teams and by their consultant. Through Hyperproof, executives are finally seeing what their technical teams are doing to support the business, and as a result, they’re more supportive of making investment into improving compliance and security posture,” says George Usi, Co-CEO of Omnistruct.
With Hyperproof, we’re able to influence our clients so they move away from this audit-first mindset and start to value security as an organizational capability
Client Operations Lead // Omnistruct
“Long term, our hope would be that Omnistruct could be viewed as the professional services arm for Hyperproof as our relationship develops,” says Riley.
With Hyperproof, Omnistruct was able to create a single source of truth for compliance and automated routine, repetitive work, steamlining workflows and reducing work for teams across the organization.
To see the Hyperproof platform in action, schedule a demo with our team today.