
Soup to nuts: Aligning GRC technology with your end-to-end service delivery model

Written by Anthony Stevens | Oct 17, 2024

This case study highlights the challenges faced by a global advisory firm looking for a comprehensive technology platform to support their entire service delivery model—from initial audit/assessments to, in the medium and longer term, managed services. Like many firms, they initially relied on spreadsheets and an assortment of tools built in-house that met part of the need but fell short when it came to scalability, flexibility, and ongoing maintenance.

In this example, the firm (a global top 10) was seeking a solution that could manage basic assessments while also supporting broader services, upskilling clients, and transitioning to managed service offerings.

Another useful blog on this topic: Digital transformation for your MSP or advisory business

What they were doing

At the time, the advisory firm was using an internally built 'survey tool' with some pre-defined assessment templates, control sets, and risk libraries. However, adoption was inconsistent and ad hoc, and the tool was for internal use only. Adoption aside, the main issue was that this tool only solved a small part of their service delivery model. It could handle basic assessments but didn’t support the transition to broader engagements, such as remediation, ongoing risk management, or the use of the tool to underpin their managed service offerings. This limitation made it difficult for the firm to scale and grow.

The opportunity they saw

The firm recognized the opportunity to streamline its service model and deliver more comprehensive offerings to its clients by following four key phases:

  1. Initial assessment and remediation strategy: Conduct a thorough audit to identify risks and develop a remediation strategy.
  2. Assist with remediation and reporting: Help the client implement the remediation plan and provide regular updates on progress and findings.
  3. Implement a long-term solution: Support the client in adopting a system to ensure ongoing compliance or certification.
  4. Ongoing support or managed services: Either provide change management support to ensure the client’s continued success or transition them to a managed service where the advisory firm takes over GRC management.

How the 6clicks platform met the requirement

To start, the firm’s needs were addressed by adopting the 6clicks Hub & Spoke deployment architecture. For those more technically minded, this is multi-tenancy for the firm: essentially their own SaaS platform, which allowed them to brand the platform with a vanity domain (such as grc.yourfirm.com), insert their IP into the system, and create pre-configured accounts, called Spokes, for their clients to make provisioning and onboarding quick and easy. The Hub served as the central management point for all client engagements and provided the additional benefit of roll-up reporting, benchmarking, and analytics.

From the Hub, the firm was able to instantly spin up assessment-only Spokes for individual clients. These Spokes provided the functionality needed to run initial assessments and create remediation plans. The diagram below outlines the features included in the assessment-only Spoke, illustrating how it supports identifying and planning remediation activities.

When the firm or their client needed to transition from an assessment to ongoing risk management, the upgrade to a full Spoke was seamless and completed in seconds. This unlocked advanced capabilities for long-term risk and compliance management. Additionally, the 6clicks licensing model was straightforward—based on the size of the client’s organization rather than a complex user or module-based model. This allowed the firm to scale its services quickly without additional administrative overhead.

How the 6clicks licensing and commercial model works

A critical element of this case study, and of any decision, is how the 6clicks licensing model aligned with the firm’s service delivery model. First, there was no cost for the Hub, and advisors had unlimited access, enabling them to set up their branded platform and manage multiple client engagements without any upfront fees.

For the assessment-only Spokes, the firm purchased them in bundles of 10 annually. While each Spoke was tied to a specific client engagement and couldn’t be reused, the cost was minimal—around 5% of typical engagement fees. This made it cost-effective and easy for the firm to scale and offer assessments across their client base.

As the firm transitioned clients to a full Spoke for ongoing GRC management, the annual licensing cost started at $6k and scaled depending only on the client’s team or organization size. This simplified pricing model meant the firm could easily shift from short-term assessments to long-term managed services without worrying about complex licensing terms.

For more information on the 6clicks pricing model for partners, see: 6clicks pricing for advisors and MSPs

Wrap-up and summary

This case study illustrates how the global advisory firm successfully aligned technology with their end-to-end service delivery model using the 6clicks platform. By leveraging the Hub & Spoke architecture, they seamlessly transitioned from initial assessments to ongoing risk management and even offered managed services where needed.

The flexible licensing model was a key enabler, allowing the firm to start with assessment-only Spokes and scale up to full Spokes based on client needs, with pricing aligned to the size of the client’s organization. The diagram below shows the progression through their service delivery phases and how 6clicks, with its associated licenses, fits into each stage—from initial assessments to the fully managed service offering.

 

 
