How to run a gap assessment for a new client using 6clicks

A compliance gap assessment is the single most powerful entry point for a new GRC client relationship. Delivered well, it demonstrates immediate value, establishes the MSP's expertise, and creates a natural pathway to an ongoing subscription. Here is how to do it with 6clicks. 

Who this is for: MSP compliance analysts and delivery leads running their first or ongoing client gap assessments.

 

TL;DR

 

• A gap assessment evaluates the client's current compliance posture against a target framework and identifies gaps
• Using 6clicks, a scoped gap assessment can be completed in 3–5 business days (vs 2–4 weeks manually)
• Hailey AI maps client responses to frameworks and controls automatically, generating a prioritized remediation list
• The gap assessment output is a board-ready report that clients can act on immediately
• Most MSPs convert 50–70% of gap assessment clients into ongoing subscriptions

What is a compliance gap assessment?

A compliance gap assessment is a structured evaluation of an organization's current practices, policies, and controls against the requirements of a specific framework (ISO 27001, Essential Eight, SOC 2, etc.). The output is:

1. Current state: What the organization is already doing that meets framework requirements
2. Gap identification: What is missing or insufficient against framework requirements
3. Prioritized remediation roadmap: What needs to be done, in what order, to close the gaps

For the client, the gap assessment answers the question: "Where do we stand, and what do we need to do?" For the MSP, it is the entry point to a compliance programme engagement.

Step-by-step: running a gap assessment with 6clicks

Using the 6clicks platform, MSPs can streamline the full gap assessment journey from setup to remediation.

Step 1: Provision the client Spoke (30 minutes)

Create a new client Spoke in the Hub. Select the target framework (ISO 27001, Essential Eight, SOC 2, etc.). The Content Library pre-populates the Spoke with the framework's controls and assessment structure.

Step 2: Configure the assessment (1–2 hours)

Review the pre-built assessment questionnaire and customize for the client's context if needed. Configure client stakeholder access so relevant contacts can provide responses directly in the platform.

Step 3: Conduct the assessment (1–2 days)

Work through the assessment with the client, either in a workshop session or by sending structured questionnaires through 6clicks. Collect evidence for controls implemented.

Step 4: Hailey AI analysis (automated)

Once responses are submitted, Hailey AI analyzes them against framework requirements. It:

• Maps responses to controls automatically
• Identifies gaps and non-compliance
• Generates a risk rating for each gap
• Produces a draft gap report and remediation priority list

Step 5: Review and refine (half day)

The analyst reviews Hailey's analysis, adjusts any ratings or recommendations based on their professional judgment, and adds narrative context to the gap report.

Step 6: Present findings (1–2 hours)

Present the gap assessment findings to the client in a structured report. 6clicks generates the report format automatically, covering:

• Overall compliance posture (current state vs target)
• Top 5–10 priority gaps and their risk implications
• Recommended remediation roadmap
• Proposed next steps (ongoing managed GRC subscription)

How to convert the gap assessment to a subscription

The gap assessment creates a natural transition to ongoing management:

• The client now has a prioritized remediation list — but no capacity to deliver it internally
• The MSP has demonstrated capability and client context
• The logical next step is a managed program to deliver the roadmap

Present a subscription proposal at the same time as the gap assessment findings. Frame it as: “We’ve identified what needs to be addressed. Here’s how we can support you in managing and progressing it on an ongoing basis.”

Frequently asked questions

Next step