Certify Your Practice.
Win More Business.
The Certified Managed Compliance Provider (CMCP) program gives your MSP the credential, the skills, and the platform mastery to deliver compliance services your customers are already asking for.
Learn More YOUR CUSTOMERS ARE ALREADY ASKING
Compliance is no longer a nice-to-have – it is a buying requirement. Your customers are facing pressure from upstream enterprise clients, cyber insurance underwriters, and regulators who want proof of security and a strong compliance posture.
The MSPs who can deliver compliance services credibly and confidently – with a structured approach, the right tooling, and a recognized credential – will win those engagements. The ones who can't will refer them out or lose them.
EARN CREDIBILITY
A Designation Your Customers Recognize
The CMCP is awarded to your organization – not just an individual. Display it to prospects and customers as proof that your practice is structured, verified, and audit-ready.
STAND OUT
Differentiate in a Crowded Market
Most MSPs claim they can do compliance. CMCP-certified MSPs can prove it – with a recognized credential backed by a structured curriculum and platform-aligned delivery skills.
WHAT THE CMCP CREDENTIAL IS
The Certified Managed Compliance Provider (CMCP) is an organization-level designation – awarded to your MSP as a business, not to an individual employee. It signals to every prospect and customer you engage that your practice has been trained, tested, and verified to deliver compliance services using a structured, auditable methodology built on the K Compliance Manager platform.
- Delivered via: LMS-based, self-paced program with gated assessments at every module
- Earned by: Your organization – requires at least one user to complete and pass the full program
- Built on: KASEYA Compliance Manager – the platform your practice already uses or is investing in
- Expandable: Add framework-specific deep-dive modules as your customer base and practice grow
The CMCP program is available exclusively through DIGITAL HANDS on behalf of KASEYA.
WHAT YOU WILL LEARN – CORE CERTIFICATION
(Modules 1-8)
Nine progressive modules build your practice from the ground up – from compliance fundamentals and platform configuration through client delivery, reporting, and advanced multi-framework engagements. Every module is gated. You advance when you can prove you are ready.
#
Module
What You'll Be Able to Do
1
GRC Foundations
Walk into any compliance conversation with confidence – explain what GRC means, why your customers care, and exactly what your role is as their compliance partner
2
Framework Scoping & Control Mapping
Accurately scope any compliance engagement, map controls across frameworks, and build unified evidence strategies that serve multiple standards at once
3
Compliance Manager Configuration
Configure KASEYA Compliance Manager for any client environment – activate frameworks, integrate your tool stack, set up role-based access, and validate scan results from day one
4
Evidence Collection & Validation
Collect and package audit-ready evidence that satisfies auditor standards – across both automated platform outputs and manual collection – so nothing gets kicked back
5
POA&M Governance
Build and run a remediation tracking program your clients can see, understand, and act on – turning compliance gaps into a managed, accountable process
6
Executive Reporting & Audit Readiness
Produce the reports your clients show their boards and the evidence packages their auditors accept – and guide clients through the audit itself without surprises
7
Delivery QA & Continuous Governance
Operate your compliance practice with consistency and quality – detect drift between audit cycles, score your own delivery, and keep every client on track
8
Advanced Framework Delivery
Handle the most complex engagements – multi-framework clients, CMMC and HIPAA nuances, overlapping evidence requirements – with the depth and precision your clients need
CMCP Designation Awarded to Your Organization
Pass all 8 modules + final certification exam
Pass all 8 modules + final certification exam
GO FURTHER – FRAMEWORK DEEP DIVE
(Module X, Available Separately)
Once you have earned your CMCP designation, Module X is available as an advanced add-on. Each lesson delivers practitioner-level mastery of a single framework – going well beyond the foundational coverage in the core program. Purchase individual lessons for the frameworks your customers need most.
X
Framework / Standard
Practitioner-Level Coverage
Complexity
X.1
CMMC Level 1
17 practices, FAR 52.204-21, SPRS scoring, self-assessment methodology, and False Claims Act exposure for defense contractors
Medium
X.2
CMMC Level 2
110 practices, NIST SP 800-171, C3PAO assessment preparation, CUI scoping, SSP development, and POA&M remediation at scale
High
X.3
NIST CSF 2.0
All six core functions including the new Govern function, profile development, implementation tiers, and gap analysis methodology
Medium-High
X.4
ISO/IEC 27001:2022
93 Annex A controls across four themes, ISMS clause structure, Statement of Applicability, risk treatment planning, and certification audit support
High
X.5
CIS Controls v8
All 18 Controls, 153 Safeguards, Implementation Groups 1-3, MSP tool stack alignment, and attack-prioritized defense rationale
Medium
X.6
SOC 2 (Type I & II)
AICPA Trust Services Criteria, all 9 Common Criteria groups, evidence sourcing, CPA audit process, sampling standards, and report interpretation
High
X.7
HIPAA Security & Privacy Rules
Required and addressable safeguards, ePHI detection, OCR-compliant risk analysis, BAA requirements, and breach notification protocols
High
Why Digital Hands
Who We Are
DIGITAL HANDS is a cybersecurity and risk advisory firm specializing in managed security, Unified Security Posture Management, and GRC services. We built the CMCP program because we saw firsthand what happens when MSPs try to deliver compliance services without a structured foundation – inconsistent delivery, client dissatisfaction, and missed revenue.
The CMCP is not a generic GRC course. It was purpose-built for MSPs operating within the KASEYA ecosystem, aligned to the KASEYA Compliance Manager platform, and designed by practitioners who deliver these services every day.
What Makes This Different
- Built for MSPs
Not enterprise compliance teams or internal IT departments - Platform-aligned
Curriculum maps directly to KASEYA Compliance Manager workflows - Organization-level credential
Your business earns the designation, not just one employee - Gated progression
Every module requires demonstrated competency before advancing - Exclusive
DIGITAL HANDS is KASEYA's only authorized CMCP certification partner - Expandable
Add framework deep-dive modules as your practice grows
PRICING
The CMCP program is designed to be accessible at any stage of building your compliance practice – from your first certification to a fully expanded multi-framework, multi-user program.
Item
What's Included
Price
CMCP Certification (Base)
12-month access: Core curriculum (Modules 1-8), 1 user license, knowledge exam, and CMCP organization credential upon passing; Included: one hour monthly live/interactive Ask-the-Expert session with a Digital Hands GRC practitioner
contact us
A Module X – Additional Framework Lessons
12-month access: Individual Module X lessons – choose one or more frameworks: CMMC L1, CMMC L2, NIST CSF, ISO 27001, CIS Controls, SOC 2, or HIPAA
Prerequisite: CMCP certification, or Knowledge Exam completed
Prerequisite: CMCP certification, or Knowledge Exam completed
contact us
Additional User License
Per-seat license for each additional staff member completing the program within your organization
contact us
Knowledge Exam (Standalone)
Exam-only access for staff who have completed training through an alternate path and seek CMCP designation
contact us
Recertification Exam
Annual or renewal exam to maintain your active CMCP designation as frameworks and requirements evolve
contact us