1.0 - Introduction
Ah, the SecOps module - where security meets operations and they awkwardly shake hands. This is your go-to spot for all things security procedures and protocols. It’s like the trophy room for your team’s certifications, the whiteboard for your security baseline, and the manual for your operational security.
It’s also where you map out those all-important processes and procedures - because nothing says 'we’ve got this' like a well-documented plan. Sure, it might sound easy, but once you dig in, you'll realize there's a whole lot more beneath the surface.
So roll up those sleeves, grab a coffee and let’s get operational!
2.0 - Accreditations, Training & Frameworks
In this section, you’ll find a handy list where you can add all your MSP's accreditations, your team's training certificates, and document your alignment to security frameworks. It's the place to show off (or start collecting) your cyber street cred!
2.1 - Accreditations
Whether you’ve already snagged that shiny ISO 27001 certification or you’re still in the trenches working towards HIPAA or CMMC, HighGround’s got you covered.
Adding your security accreditations here is as easy as pie.
To add a security accreditation:
Click on ‘Accreditations’.
Choose ‘+ Add Accreditation’.
Enter the name of your Accreditation.
Fill in the relevant information.
Click ‘Save’.
And just like that, your accreditation is safely stored in HighGround. No more frantic searching through old email threads or dusty file cabinets - it’s all right here, ready for its time to shine!
Note: If the security accreditation you have is not shown in the list, you can still add it by typing in the name and hitting '+ Add …'.
2.2 - Training certificates
Your team got certifications? HighGround is the perfect place to stash them - whether your employees are already certified or still on their heroic quest to get there. It’s like their own personal wall of fame, minus the need for a hammer and nails.
Adding Training Certifications to HighGround
Follow these simple steps:
Click on ‘Training Certificates’.
Choose the employee who holds the certificate (or add them if they’re not already listed).
Select ‘Add Certificate’.
Enter the relevant information.
Press ‘Save’.
And voilà! The training certificate is now linked to your employee in the Training Certifications section, right where it belongs. No more digging through ancient spreadsheets or frantically searching inboxes - HighGround’s got your back!
2.3 - Frameworks
This is your opportunity to define the cybersecurity, information security and data privacy frameworks your organization is aligned to.
3.0 - MSP Operational Security
Your MSP Operational Security isn’t just a box to tick, and it's certainly not a one-and-done thing. It's an endless pursuit to be better, recognizing that you are the biggest threat to your clients. A weak process, a simple screw-up, and you could inadvertently hand the bad guys that one break they're waiting for.
In HighGround, we've put together what we believe to be the most curated MSP Operational Security question set available. It comes from an amalgamation of Security Frameworks, real world MSP experience, and a healthy dose of 'black hat' perspective.
Tip: you can now use AI in the SecOps module with our 'Smart Answers' feature. By turning this on, AI will provide a statement based on your answer in both the boxes below the question. To learn more about AI, read our Using AI in HighGround article.
As you answer each question, you’ll see your progress moving forward. But before you start flexing those security muscles, let’s clarify: This percentage is purely about completion, not a score. It’s not judging you—it’s just keeping track of how many questions you’ve tackled.
In other words, it’s like the progress bar on a software update. It doesn’t mean your security is 100% bulletproof—it just means you’ve answered 100% of the questions.
So, keep going, and let’s get that bar to full!
Tip: for any questions that you answer 'No' or 'In Progress' to, use the + button on the top right menu to create a Task. This will ensure you don't forget to take action to address any shortcomings.
4.0 - MSP Security Baseline
Your MSP Security Baseline is like the house rules for every client - no exceptions, no excuses. It’s where you lay down the law by defining the minimum security standards you’ll provide to all clients, no matter what. This is your "This is how we do things around here".
How to Add an item to your Security Baseline
Step 1: Head over to 'MSP Security Baseline' like a boss.
Step 2: Click '+ Add'—it’s the big, inviting button. You got this.
Step 3: Give your baseline a name and a description.
Step 4: Jot down any notes you want to keep with this security baseline.
Step 5: Add resources if needed. You can upload a file or drop in a link. Basically, if it’s useful and legal, throw it in there.
Step 6: Hit that 'Save' button.
Job done!
5.0 - MSP Security Processes & Procedures
This section is built on 5 of the 6 mighty pillars of the NIST Cyber Security 2.0 Framework:
💡Identify
🔒Protect
🔎Detect
📞Respond
⭕Recover
Think of them as the Avengers of cybersecurity - each with its own special skills, and when combined, they're pretty much unstoppable.
When you dive into each element, you’ll find different sections filled with questions designed to measure how closely your processes and procedures align with the NIST framework.
Note: Your percentage score here isn’t about perfection. It’s based on how many questions you answer, not how perfect those answers are. So even if your answers are a mix of "Yes," "No," and "In Progress," you're still moving the needle forward.
How to Answer:
"Yes" – You’re crushing it! You’ve got this process nailed down.
"No" – Not yet, but hey, admitting it is the first step.
"In Progress" – You’re on the way. It’s like the cybersecurity equivalent of "We’re working on it, boss!"
And because transparency is key, you can leave:
Internal Comments: Perfect for leaving notes, insights, or maybe a reminder to future you ("Don't forget to update this next quarter!")
External Comments: These show up on your security statements that you send to clients, so keep it professional and impressive.
Tip: you can now use AI in the SecOps module with our 'Smart Answers' feature. By turning this on, AI will provide a statement based on your answer in both the boxes below the question. To learn more about AI, read our Using AI in HighGround article.
There you go! You’re now ready to conquer the NIST Cyber Security 2.0 Framework like the tech hero you are.
Tip: for any questions that you answer 'No' or 'In Progress' to, use the + button on the top right menu to create a Task. This will ensure you don't forget to take action to address any shortcomings.
6.0 - Performing a Security Operations Audit
Whilst running a security audit might not get you excited, it is super important for ensuring you're staying on top of your processes and procedures and continually moving forward. If we're not convincing you, here are a few key benefits:
🛡️ Security, Security, Security: Regular audits help identify poor practices and non-compliances. How can you be sure your engineers aren't sending passwords via ticket notes...?
📜 Compliance Confidence: Many industries have strict regulations (think GDPR, HIPAA, SOC 2). Audits ensure your business meets these standards, avoiding hefty fines and maintaining client trust.
🚀 Operational Efficiency: By reviewing systems and processes, audits can highlight inefficiencies, helping you optimize workflows and potentially save money.
🤝 Client Trust: Showing that you perform regular audits can be a big selling point. It proves you’re proactive about security and operational excellence.
🚦 Risk Management: Audits can spot potential risks before they become full-blown issues, helping you take preventive measures. Prevention is always cheaper than the cure, right?
The SecOps module lets you run an audit whenever the mood strikes—or, more likely, whenever your boss asks, “How secure are we, really?” Running an audit is quick, painless, and just a few clicks away.
How to Run an Audit
Press 'Run Audit'.
Fill Out the Three Sections: The audit will guide you through three sections.
Hit 'Continue': You’ll be whisked away to the Summary Page, where the audit results are broken down based on the info you provided.
Add a Custom Summary (Optional but Awesome): If you’re feeling extra confident, you can add your own summary description to show up in the Audit History.
Press 'Complete': You did it! Hitting complete takes you back to the SecOps page, and your Audit History will now show your latest audit as 'In Progress'.
And just like that, you’ve run an audit! High-five yourself and get ready to dig into those results.
Tip: you don't have to complete the audit in a single go - you can pause the audit at any time and return to it later, picking up where you left off.
7.0 - Printing your MSP Security Statement
The SecOps module is awesome for getting a real-time feel for your security operations, but where it really comes in useful is when you print a security statement that makes you look awesome to your clients and prospects.
How to Print Your MSP Security Statement
Locate 'Print Security Statement': It’s hanging out at the top right of the SecOps screen.
Click It! When you do, an email with your security statement will be sent to the email address associated with your account.
Download and Bask in Your Glory: Once it arrives, download it, print it, and feel free to frame it.
Tip: any questions you have answered 'No' to in your MSP Operational Security and MSP Processes & Procedures will not be included in your Security Statement.
8.0 - Printing Your Security Recommendations
If you want an actionable report with recommendations on how to improve your MSP's operational security and security processes and procedures, then look no further. With HighGround, you can print your Security Recommendations at any time as follows:
Select 'Print Security Recommendations': This option is chilling under the Audit History section.
Get Your Gap Analytics Report: An email will appear in your inbox with a document that aligns with the NIST Cyber Security 2.0 framework. It includes all the questions from the SecOps module along with their IDs and descriptions.
Now you've got both the Security Statement and the Gap Analytics Report at your fingertips. Perfect for meetings, audits, or just showing off how on top of things you are.