From Evidence to Assessment: A 60-Minute MSP Workshop

A reusable ComplianceAide workshop for MSPs: create a workspace, collect evidence, recover skipped files with Eyes, run an assessment, and turn findings into action.

ComplianceAide MSP Workshop Kit

From scattered evidence to an assessment in one working session

A reusable 60-minute workshop for MSP teams: create a customer workspace, load a small evidence packet, recover skipped evidence with Eyes, run a NIST CSF 2.0 assessment, and turn the first gaps into action.

Use the ZIP as a handout, then extract it locally before uploading the individual files into ComplianceAide. The evidence is fictional and designed for public workshops.
60 minCore workshop window, leaving room for meeting setup and wrap-up.
11 filesSmall evidence pack: policies, exports, dashboards, tickets, backup and identity evidence.
15-40 minTypical full assessment wait. Use partial preview and dashboards while it runs.

Start in the MSP portal

Create a customer workspace before opening the assessment experience. The scope note matters because it becomes launch context for chat and voice.

  • Use a customer-safe, fictional name for public workshops.
  • State the framework, business context, evidence types, and how to treat missing evidence.
  • For a real customer, name the customer here and avoid ambiguous evidence ownership.
ComplianceAide MSP portal create workspace form with scope note
The scope note is optional in the form, but it makes the first AI responses much more useful.
Workshop scope note
Customer: Asteron Manufacturing (fictional workshop client)
Goal: run a NIST CSF 2.0 readiness assessment from a small evidence packet.
Include: policies, asset inventory, identity/MFA exports, vulnerability summary, backup status, tickets, and screenshots captured with Eyes when files are skipped.
Treat missing evidence as a gap, not as compliance.
Customer kickoff scope
This workspace is for a first-pass customer security review. Start by identifying what the uploaded evidence proves, what is missing, and what the MSP should request next. Use NIST CSF 2.0 unless another framework is selected.
Visual evidence recovery scope
If a file is skipped, unsupported, image-only, or easier to show than parse, use Eyes to capture the visible screen as evidence. After capture, ask the assistant to summarize what it saw before running the assessment.

Handle the invite prompt deliberately

After workspace creation, ComplianceAide can send an invite and begin the customer email sequence. In a workshop, usually choose Skip for now so the room stays focused on the live evidence workflow.

  • Send invite starts the customer-facing compliance email campaign.
  • Copy invite link gives you a link without starting the campaign.
  • Skip for now is the clean demo path when the presenter owns the walkthrough.
Invite customer modal showing send invite, copy invite link, and skip for now
Explain this modal before clicking away so MSPs understand what operational motion begins here.

Use the Guide as the instructor

Once the workspace opens, the Guide is the fastest way to keep people oriented. It exposes the next actions without requiring a product tour.

  • Ask the assistant what to do next if the room gets lost.
  • Use Guide buttons for assessment, evidence, reports, and policy generation.
  • Keep the page open while an assessment runs; partial results can appear before final completion.
ComplianceAide Guide card with status and next-action buttons
The Guide card gives the presenter status, next actions, and a clean path while the assessment runs.

Upload evidence from the paperclip

The downloadable evidence pack is intentionally packaged as a ZIP for distribution. For ingestion, extract it first and upload the individual files.

Workshop tip: if the ZIP itself shows zero ingested files or unsupported items, treat that as a teaching moment. Extract the ZIP, upload the files, then use Eyes for visual or skipped evidence.
PoliciesAsset inventoryMFA evidenceTicketsBackups
ComplianceAide paperclip evidence upload control and evidence count
The paperclip is the simplest workshop instruction: attach evidence, then review the file count and warning badge.

Recover skipped evidence with Eyes

If a CSV, screenshot, dashboard, or legacy export is easier to show than parse, open it on screen and use Eyes.

  • Open the skipped file or dashboard on another monitor.
  • Click Eyes, click Start, select the screen or window, then share.
  • Stop sharing after the capture and wait for the queued count to reach zero.
  • Ask: “Using what Eyes just saw, list the assets and tell me what evidence is still missing.”
ComplianceAide top-right Eyes control with Shoulder Coach panel open
Eyes lives in the top-right control area. The Shoulder Coach panel shows Start, queue, captured, and failed counts.

Ask for a plain-English readout

Before running the assessment, ask the assistant to summarize what it can prove from the uploaded and visual evidence. This gives the room an immediate win while the heavier assessment work is queued.

  • Ask for assets, identities, backups, EDR posture, vulnerabilities, and obvious missing evidence.
  • Do not over-script the prompt; the point is to show that the product can guide a normal MSP workflow.
  • Use the answer to pick the right framework and confirm the assessment scope.
ComplianceAide assistant answer listing assets from evidence and Eyes
The room should see the system turn evidence into a short operational answer before the formal assessment.

Run NIST CSF 2.0 without making everyone wait

Start the assessment, then immediately move to parallel work. A full assessment can take meaningful time, especially with many controls. Use the partial preview when it appears, and come back to the final result later.

  • Choose NIST CSF 2.0 for this workshop unless the customer has a specific framework.
  • Open the partial preview as soon as it is available.
  • Explain that final scoring should be read after the run completes, not from the first partial rows.
ComplianceAide NIST CSF assessment preview with readiness and top gaps
Use the preview to discuss “top gaps first” while the full control table continues processing.

Generate a visual story from the evidence

After the assessment is running, open the security dashboards and generate visuals such as Network Diagram, Asset Inventory Landscape, Identity and Access Map, MFA and Account Protection, and Framework Readiness Map.

  • This is the best use of the assessment wait time.
  • Ask the room which dashboard would help them explain risk to a customer.
  • Use Network Diagram early because it makes asset and dependency evidence concrete.
ComplianceAide security dashboard gallery with generated dashboard cards
Dashboards make the workshop feel like a business workflow, not just a compliance upload exercise.

Create a System Security Plan while the assessment runs

This is the best way to make the workshop feel like a full hour instead of a quick upload demo. After the assessment starts and dashboards are generating, ask ComplianceAide to draft a practical SSP from the same evidence.

  • Explain that the SSP is a draft deliverable, not a final audit artifact.
  • Ask for system boundary, assets, roles, implemented controls, partial controls, open evidence requests, and next actions.
  • Use the answer to show how evidence becomes customer-facing documentation while the assessment continues in the background.
ComplianceAide composer with a System Security Plan prompt
Prompt: create a System Security Plan for the fictional customer using the uploaded evidence, NIST CSF context, and visible gaps.

Show the Live Voice Agent

The Live Voice Agent lets users talk through the same workspace workflow instead of typing every prompt. It can explain what to do next, summarize evidence, check assessment status, help draft reports or policies, and talk through dashboard output.

  • Use it to make the product feel guided instead of menu-driven.
  • It can help with almost everything in this workshop except the actual Eyes screen-share capture step.
  • For MSPs, position it as a coach for analysts who do not live in compliance tooling every day.
ComplianceAide composer actions with the Live Voice Agent icon
The phone icon opens the Live Voice Agent from the workspace composer controls.

Explain Connect AI Agent

Connect AI Agent is for handing the workspace to an external AI agent or automation workflow so it can keep working from the same context. This is different from Live Voice: voice is for a human conversation, while Connect AI Agent is for an agent that needs workspace-aware setup.

  • Use it when an outside AI tool should inspect the current workspace, fetch assessment status, or continue a scoped task.
  • It preserves the idea that the workspace is the source of truth: evidence, assessment state, and handoff notes matter.
  • It does not replace Eyes. Visual capture still requires the browser screen-share flow.
ComplianceAide Guide card with Connect AI Agent action
Connect AI Agent appears as a guided action when the workspace has enough context for an external agent handoff.

60-minute core workshop runbook

Set the frame

Position ComplianceAide as a guided MSP workflow: evidence in, assessment and next actions out.

0-5

Create the workspace

Use the MSP portal, paste a scope note, explain the invite modal, and skip the campaign for the live workshop.

5-12

Download and extract evidence

Have participants download the Asteron pack, extract it locally, and upload the individual files.

12-20

Use Eyes for asset inventory

Open the asset inventory on screen, capture it with Eyes, then ask the assistant to list the assets and missing evidence.

20-30

Start NIST CSF 2.0 assessment

Run the assessment and tell the room it can take 15-40 minutes. The next steps are designed to fill that wait time.

30-36

Generate dashboards

Use the dashboard gallery to create a Network Diagram or Asset Inventory Landscape while assessment rows process.

36-44

Create an SSP draft

Ask for a System Security Plan from the evidence, assessment context, and known gaps.

44-51

Show voice and agent handoff

Explain Live Voice Agent for guided conversation and Connect AI Agent for external AI handoff from the same workspace.

51-56

Close with next actions

Review top gaps, evidence requests, owner/date tracking, and what the MSP would do in the next customer meeting.

56-60

Presenter close

“The goal is not to prove perfect compliance in one hour. The goal is to turn a messy starting packet into a defensible map: what evidence exists, what is missing, what risk is visible, and what the MSP should ask for next.”