
How to run a gap assessment for a new client using 6clicks


A compliance gap assessment is the single most powerful entry point for a new GRC client relationship. Delivered well, it demonstrates immediate value, establishes the MSP's expertise, and creates a natural pathway to an ongoing subscription. Here is how to do it with 6clicks. 

 

Who this is for: MSP compliance analysts and delivery leads running their first or ongoing client gap assessments.

 


TL;DR

 

  • A gap assessment evaluates the client's current compliance posture against a target framework and identifies gaps
  • Using 6clicks, a scoped gap assessment can be completed in 3–5 business days (vs 2–4 weeks manually)
  • Hailey AI maps client responses to frameworks and controls automatically, generating a prioritized remediation list
  • The gap assessment output is a board-ready report that clients can act on immediately
  • Most MSPs convert 50–70% of gap assessment clients into ongoing subscriptions

What is a compliance gap assessment?

A compliance gap assessment is a structured evaluation of an organization's current practices, policies, and controls against the requirements of a specific framework (ISO 27001, Essential Eight, SOC 2, etc.). The output is:

  1. Current state: What the organization is already doing that meets framework requirements
  2. Gap identification: What is missing or insufficient against framework requirements
  3. Prioritized remediation roadmap: What needs to be done, in what order, to close the gaps

For the client, the gap assessment answers the question: "Where do we stand, and what do we need to do?" For the MSP, it is the entry point to a compliance programme engagement.

Step-by-step: running a gap assessment with 6clicks

Using the 6clicks platform, MSPs can streamline the full gap assessment journey from setup to remediation.

Step 1: Provision the client Spoke (30 minutes)

Create a new client Spoke in the Hub. Select the target framework (ISO 27001, Essential Eight, SOC 2, etc.). The Content Library pre-populates the Spoke with the framework's controls and assessment structure.

Step 2: Configure the assessment (1–2 hours)

Review the pre-built assessment questionnaire and customize it for the client's context if needed. Configure client stakeholder access so relevant contacts can provide responses directly in the platform.

Step 3: Conduct the assessment (1–2 days)

Work through the assessment with the client, either in a workshop session or by sending structured questionnaires through 6clicks. Collect evidence for the controls the client has already implemented.

Step 4: Hailey AI analysis (automated)

Once responses are submitted, Hailey AI analyzes them against framework requirements. It:

  • Maps responses to controls automatically
  • Identifies gaps and non-compliance
  • Generates a risk rating for each gap
  • Produces a draft gap report and remediation priority list

Step 5: Review and refine (half day)

The analyst reviews Hailey's analysis, adjusts any ratings or recommendations based on their professional judgment, and adds narrative context to the gap report.

Step 6: Present findings (1–2 hours)

Present the gap assessment findings to the client in a structured report. 6clicks generates the report format automatically, covering:

  • Overall compliance posture (current state vs target)
  • Top 5–10 priority gaps and their risk implications
  • Recommended remediation roadmap
  • Proposed next steps (ongoing managed GRC subscription)

How to convert the gap assessment to a subscription

The gap assessment creates a natural transition to ongoing management:

  • The client now has a prioritized remediation list — but no capacity to deliver it internally
  • The MSP has demonstrated capability and client context
  • The logical next step is a managed program to deliver the roadmap

Present a subscription proposal at the same time as the gap assessment findings. Frame it as: “We’ve identified what needs to be addressed. Here’s how we can support you in managing and progressing it on an ongoing basis.”

Frequently asked questions

Most Australian MSPs price gap assessments at AUD 3,000–8,000 for a scoped single-framework engagement. More complex multi-site or multi-framework assessments are priced higher. Many MSPs offer a discounted or free assessment as a sales tool for promising prospects. 

With 6clicks and Hailey AI, a scoped gap assessment typically takes 3–5 business days. Without a platform, the same assessment typically takes 2–4 weeks of analyst time. 

Alignment with all 100+ frameworks in the 6clicks Content Library can be assessed using the Audits & Assessments module, including ISO 27001, Essential Eight, SOC 2, NIST CSF, NIS2, ISM, PCI DSS, and more. 

Yes. Hailey AI maps evidence across frameworks simultaneously, so a single assessment can generate gap reports for multiple frameworks at once. 

A strong initial score is still a valuable outcome. It validates the client's existing program and provides the baseline for ongoing maturity improvement. The subscription transitions to maintenance and continuous improvement rather than remediation.

Next step

 

Start delivering professional gap assessments with 6clicks.
